What he thought was a delivery confirmation mail from a client he has been dealing with for years, cost a businessman from Vile Parle Rs 16.85 lakh.
The complainant, Sudhir Pisal, 62, owns a company which imports filter machines from United Kingdom, Japan, Thailand and China and provides them to pharmaceutical firms in India for the past 30 years. Pisal’s company first finalises a deal with a country and sends them the details of the order through an email. The company then makes a 50% advance payment to the foreign country using online banking, which then manufactures the ordered machines. Once the order is ready to be delivered, Pisal’s company gets an email, after which they pay the remaining amount.
In January, Pisal’s company placed an order with Chengdu Well Reach in China on their e-mail ID email@example.com and also made an advance payment of Rs 12.81 lakh. “On March 4, Pisal’s company received a confirmation of the order and asked them to make the rest of the payment. On March 10, the firm again received an e-mail from the Chinese company from the e-mail ID, firstname.lastname@example.org, stating the company has created a new bank account and the rest of the amount should be deposited in it,” said Nitin Gije, assistant inspector of the Bhandup police station.
Pisal’s accountant transferred the remaining amount, Rs 16.85 lakh, to the new bank account and sent an acknowledgement, but did not get the delivery for many days. When Pisal called the representatives of the company, he was told they had not sent the e-mail on the change in the bank account.
Pisal and his employees then realized their email conversation with the Chinese client had been hacked into and the mail they received was not from the company’s id, but from a fake account created by replacing just one letter in the username. “The source of the account was in the United Kingdom and not China,” Gije said.
Pisal registered an FIR with the Bhandup police station on June 12. “We have registered a case under the relevant sections of the Indian Penal Code and Information Technology Act for cheating and impersonation and are seeking technical assistance from the BKC cyber police station. We are also trying to get the banking details of the unauthorized transactions,” the officer said.
* Don’t click on unknown links, as some of them are encrypted with bugs or viruses that can steal your data, including email conversation details
* While sending details through email, check if the right address has been entered
* If you get a business-related email asking you to send money to another bank account, call the person and confirm
* Do not reply to unauthorized or suspicious emails that offer prizes or lotteries