Cybercrooks mirror company emails to con victims
The next time you get an email from someone you know about a monetary transaction, check the sender’s e-mail address carefully before replying or following instructions. Mohamed Thaver reports.
The next time you get an email from someone you know about a monetary transaction, check the sender’s e-mail address carefully before replying or following instructions. A new modus operandi has been observed by the cyber police, in which cybercriminals make minute changes to e-mail addresses that go unnoticed during a cursory look and dupe victims by posing as their friends or business clients.
Explaining how the fraud works, an officer from the cyber police station at Bandra-Kurla Complex said, “For example, if the email address of a person is ‘ajay.bhatia@gmail.com’, the accused will create an e-mail ID ‘ajay.bhatia.@gmail.com’.”
The officer added, “When the victim is communicating with Ajay Bhatia over a period to time, he will not check the email address of the sender closely and falls prey to the fraud, more so because the change to the mail address is so minute (here, only a period after the surname).”
The officer said that cybercriminals hack into company servers to find targets, especially those that operate on an international level. “Once they zero-in on two parties exchanging emails, they make small changes in the email address of the party that is to receive a payment for having delivered some good or service,” he added.
The officer said that a city-based import-export company was transacting with a firm in the US earlier this year. After sending across the delivery of goods, the firm was to receive the money – a sum that ran into lakhs. But the US firm ended up depositing the money in an account in a Hongkong bank. Senior inspector of the cyber police station, Nandkishore More, confirmed to Hindustan Times that at least five such cases have been reported to them in the past few months. “This seems to be a new trend employed by cybercriminals to dupe unsuspecting persons. Especially those using emails for monetary purposes should be careful and go through email address carefully,” he said.
He added, “In cases when there are issues like change in bank account numbers, people should verify the same by calling up the other party before making any such payments.”
Cyber lawyer Pankaj Bafna said, “It is called mirroring of emails. The accused copies emails being exchanged between two parties, and then creates a similar email to dupe victims.” He added, “In addition to ensuring that you double-check before making payments, you should also ensure that the firewall settings are at high security level to ensure that your networks are not hacked into.”