Man-in-the-middle case: Mumbai firm loses Rs10.89 lakh to online fraudster
A logistics company at Govandi recently lost $16,000, or Rs10.89 lakh, to an unidentified attacker who hacked its official email account to seek an early payment from its client in Italy.mumbai Updated: Jan 23, 2017 00:43 IST
A logistics company at Govandi recently lost $16,000, or Rs10.89 lakh, to an unidentified attacker who hacked its official email account to seek an early payment from its client in Italy.
Such frauds are, in cyber lingo, termed man-in-the-middle attack involving hacking an official e-mail account of a company and finding out about its upcoming transactions with other companies.
According to a First Information Report registered (FIR) with the Govandi police station on January 17, the company used to regularly deal with the Italian company. It used to deliver goods received from the foreign client to various addresses in the country.
The representatives of both companies would communicate through e-mails.
The unidentified attack somehow managed to hack the Gmail account of the complainant’s company and sent an email to the Italian company’s representative asking for an early payment.
In the message, he also provided the bank account number in which the money was to be deposited.
The transaction of $16,000 was made in September last year. The company, however, learnt about the fraud when it did not receive money and contacted the client.
They approached the Govandi police station and filed a case. The investigation revealed that the money has been sent to a bank account in a foreign country.
The police are trying to trace to which country this money has been sent.
Long legal process hampers police’s efforts to detect cases as
The number of man-in-middle attack cases rose by 37% to 26 in 2016 from 19 in 2015. While in 2016, victims lost Rs14.54 crore, the amount stood at Rs4. 33 crore in 2015.
All man-in-the-middle cases in 2015 remained undetected. The police attribute it to the cumbersome legal process of a particular country from where the crime was committed and non-cooperation from social networking sites and Internet service providers for personal information and location of overseas servers.
These are just the cases which are registered with the police. “There are cases where private firms do not come forward to avoid disrepute,” said cyber expert Ritesh Bhatia.
All bank accounts, where money has been deposited, are in foreign countries. When contacted by the cyber police, these banks authorities take a month to reply and eventually deny giving any information. They ask the police to approach them through legal channel (letters rogatory), which is a lengthy process.
For the legal remedy, the state home department co-ordinates with the central home department. After getting the government’s approval, the police are allowed to write to a foreign country’s court, which give a go-ahead to probe the case.
The legal tangle is, however, not the only stumbling block.
When contacted, internet service providers and social networking sites too take weeks to reply and later ask the police to move court before divulging information about a hacker.