Did you send this email? Ask your biz partner, client before transferring cash: Mumbai police
How do you proceed if you suspect that you might be the target of an online scam? A simple phone call, SMS or get WhatsApp message is all that it takes to defend yourself, said experts.
Calling or messaging your client or business partner will help you confirm if an email asking you to transfer money to a new bank account has been sent by them and not a fraudster.
Experts said a confidential email ID, one that is not displayed on the company’s website, should be used to discuss financial transactions.
Based on the modus operandi used to acquire personal information about a company’s financial transactions, officials have identified three types of cyber scams — email spoofing, business email compromise scams and man-in-the-middle attacks.
“Since 2015, I have handled 30 cases in which fraudsters have created an email ID similar to the firm’s official ID. They then ask unsuspecting customers to deposit funds into a new bank account,” cyber expert Ritesh Bhatia told HT.
“This type of crime is easily preventable. All the client has to do is call the company before transferring the money just to cross-check if the email was sent by them. You spend few rupees on the call but end up preventing a heavy loss in future,” added Bhatia
He said there is a need for better security systems and a focus on preventive measures as such cases of fraud are rarely solved and it is difficult to recover the money.
“Recently, a firm in India lost Rs4 lakh when a cybercriminal duped them using this modus operandi. In this case, the fraudster turned out to be one of the firm’s employees. He leaked personal information about its financial transactions and was arrested in America,” cyber expert Vijay Mukhi told HT.
It is important for firms to apprise their employees about man-in-the-middle attacks, data theft email hacking, said cyber experts. They added that it is common for fraudsters to send their targets emails containing viruses that help them steal data.
Employees should be warned not to click on such links. They should also discuss transactions face-to-face as opposed to over email.