Today in New Delhi, India
Jun 20, 2019-Thursday
-°C
New Delhi
  • Humidity
    -
  • Wind
    -

Andheri firm loses Rs 15L to cyber attack

According to the Oshiwara police, the complainant company landed a big project from a private company to make video advertisements. They then contacted a Romanian company to outsource some of the work.

mumbai Updated: May 20, 2019 04:46 IST
Jayprakash S Naidu
Jayprakash S Naidu
Hindustan Times, Mumbai
Typically, in an MIM attack, cyber fraudsters intercept emails or virtual exchanges between two parties and cheat one of them by impersonating the other’s email ID.(Shutterstock)

An advertising company in Andheri was cheated of Rs 15.35 lakh by cyber-fraudsters in April in a ‘man-in-the-middle (MIM) attack’. Typically, in an MIM attack, cyber fraudsters intercept emails or virtual exchanges between two parties and cheat one of them by impersonating the other’s email ID.

According to the Oshiwara police, the complainant company landed a big project from a private company to make video advertisements. They then contacted a Romanian company to outsource some of the work. The Romanian and the Andheri companies were communicating via their official email IDs.

Last month, the Andheri firm got an email from the Romanian company asking them to make the payment for the work in another bank account, citing some internal issue. At first they gave the complainant firm a London bank account number, but when the transaction to it failed, they gave a Delhi bank account number. They also sent a payment invoice to the Andheri firm.

However, when the Andheri firm got in touch with the Romanian company, they realised the latter had not sent them any such email. Realising they had been cheated, the Andheri company’s manager approached the police last week and an FIR was registered under relevant sections of the Indian Penal Code and IT Act.

The police said the fraudsters somehow hacked into the confidential exchange of the complainant firm and the Romanian company and created an email ID similar to the latter’s. They also sent a forged invoice to win their trust. The police said the fraudsters also created a fake email ID of another client the Andheri firm was dealing with, but the fraud was detected in time.

Cyber advocate Vicky Shah said, “All private companies can configure domain-based message authentication, reporting and conformance [DMARC] systems to validate e-mails and prevent impersonation. This helps to prevent such attacks.”

First Published: May 20, 2019 04:46 IST