Andheri firm loses ₹15L to cyber attack | Mumbai news - Hindustan Times
close_game
close_game

Andheri firm loses 15L to cyber attack

Hindustan Times, Mumbai | ByJayprakash S Naidu
May 20, 2019 04:46 AM IST

According to the Oshiwara police, the complainant company landed a big project from a private company to make video advertisements. They then contacted a Romanian company to outsource some of the work.

An advertising company in Andheri was cheated of 15.35 lakh by cyber-fraudsters in April in a ‘man-in-the-middle (MIM) attack’. Typically, in an MIM attack, cyber fraudsters intercept emails or virtual exchanges between two parties and cheat one of them by impersonating the other’s email ID.

Typically, in an MIM attack, cyber fraudsters intercept emails or virtual exchanges between two parties and cheat one of them by impersonating the other’s email ID.(Shutterstock)
Typically, in an MIM attack, cyber fraudsters intercept emails or virtual exchanges between two parties and cheat one of them by impersonating the other’s email ID.(Shutterstock)

According to the Oshiwara police, the complainant company landed a big project from a private company to make video advertisements. They then contacted a Romanian company to outsource some of the work. The Romanian and the Andheri companies were communicating via their official email IDs.

Hindustan Times - your fastest source for breaking news! Read now.

Last month, the Andheri firm got an email from the Romanian company asking them to make the payment for the work in another bank account, citing some internal issue. At first they gave the complainant firm a London bank account number, but when the transaction to it failed, they gave a Delhi bank account number. They also sent a payment invoice to the Andheri firm.

However, when the Andheri firm got in touch with the Romanian company, they realised the latter had not sent them any such email. Realising they had been cheated, the Andheri company’s manager approached the police last week and an FIR was registered under relevant sections of the Indian Penal Code and IT Act.

The police said the fraudsters somehow hacked into the confidential exchange of the complainant firm and the Romanian company and created an email ID similar to the latter’s. They also sent a forged invoice to win their trust. The police said the fraudsters also created a fake email ID of another client the Andheri firm was dealing with, but the fraud was detected in time.

Cyber advocate Vicky Shah said, “All private companies can configure domain-based message authentication, reporting and conformance [DMARC] systems to validate e-mails and prevent impersonation. This helps to prevent such attacks.”

SHARE THIS ARTICLE ON
Share this article
SHARE
Story Saved
Live Score
OPEN APP
Saved Articles
Following
My Reads
Sign out
New Delhi 0C
Thursday, March 28, 2024
Start 14 Days Free Trial Subscribe Now
Follow Us On