Said “a” – say “b”: Indian firm lost more than €24,000 because of one letter
Even the most harmless typo can cost a company a lot of money.
An Indian company that supplies engineering equipment to Indian mining, construction and manufacturing firms has fallen victim to a man-in-the-middle (MitM) cyberattack. As a result of the attack, the company lost more than €24,000.
According to police in the city of Pune, where the affected company was based, the cybercriminals replaced one letter in the email address of a sales manager at a French company with which the Indian firm was doing business. The incident took place earlier this year, and the police are conducting a thorough investigation to determine its extent.
How it happened
According to the police investigation, the alleged attack lasted from January to March 2023. In January, the Pune-based company placed an order worth more than €51,000 with a major French engineering firm. The order was sent to the email address of the French company's sales manager, with whom the Pune-based firm had a long-term business relationship.
A few days later, the Indian firm received an email stating that the French company's bank account and SWIFT code were unavailable. The email indicated that the firm should make payment to a new bank account in Lisbon.
Trusting this message and unaware of the fraud, the Indian firm's management transferred the advance payment of €24,589 to a fraudulent bank account in Lisbon. A few weeks later, the firm's employees asked about the status of the equipment shipment, and the French side informed them that it was still waiting for payment. This aroused suspicion, and the company decided to review the previous correspondence carefully.
It was discovered that the email about the change of bank details had been sent from a fake address that differed from the real one by only one letter: “a” instead of “e”. Upon realizing the fraud, the Indian company filed a formal complaint with the Pune City Police.
How cybercriminals acted
Investigators from the Pune City Police described how MitM attacks of this kind work. The criminals first hack into the email accounts of parties involved in business transactions.
The hackers then scrutinize current deals and orders and create an email address that closely resembles that of one of the participants in the deal. Using this deceptive email account and the information they collected earlier, the hackers gain the trust of the targeted organizations.
How to protect yourself from cyber attacks
The authorities stressed the importance of putting in place strong cybersecurity measures to avoid falling victim to such fraudulent activities. Information security specialists recommend the following cyber hygiene measures:
- Regularly check the security features of email addresses and mail systems;
- Add digital signatures to email messages for verification;
- Provide basic cybersecurity training to employees to increase awareness of potential scams and risks;
- Always confirm any changes in bank details in person or by telephone with authorized personnel;
- Verify the domain names of email addresses when dealing with business partners;
- If fraud is suspected, contact the IT department immediately, preferably within 48 hours.
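The one-letter substitution described above can be caught automatically by comparing each incoming sender address with a list of verified contacts. The following Python sketch is an added example, not part of the original report; the addresses, the `KNOWN` list and the two-edit threshold are constructed assumptions.

```python
# Added example: flag sender addresses that nearly match a verified contact.
# All addresses below are constructed for illustration.

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert, delete, substitute each cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def normalize(addr: str) -> str:
    """Lower-case and strip a display name such as 'Name <user@host>'."""
    addr = addr.strip()
    if "<" in addr and addr.endswith(">"):
        addr = addr[addr.rindex("<") + 1:-1]
    return addr.strip().lower()


def classify_sender(sender: str, known_contacts, max_distance: int = 2):
    """Return (verdict, closest_contact).

    'known'     - exact match with a verified contact
    'lookalike' - within max_distance edits of a verified contact
    'unknown'   - no resemblance to any verified contact
    """
    s = normalize(sender)
    contacts = [normalize(c) for c in known_contacts]
    if s in contacts:
        return "known", s
    best = min(contacts, key=lambda c: edit_distance(s, c), default=None)
    if best is not None and edit_distance(s, best) <= max_distance:
        return "lookalike", best
    return "unknown", None


KNOWN = ["peter.martin@supplier.example"]  # constructed verified contact

if __name__ == "__main__":
    for sender in ("Peter Martin <peter.martin@supplier.example>",
                   "Peter Martin <pater.martin@supplier.example>",  # e -> a
                   "billing@other.example"):
        print(sender, "->", classify_sender(sender, KNOWN))
```

A "lookalike" verdict on a message that asks for a change of bank details is the case to hold for confirmation by telephone before any payment is made.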
Current investigation
Pune City Police assured the affected firm and the business community at large that a thorough investigation was underway to find those responsible for the cyberattack. This case serves as a reminder to all businesses to remain vigilant and take proactive steps to protect against cyber threats.
As the investigation continues, authorities hope to raise cybersecurity awareness and encourage businesses to take proactive steps to protect against similar malicious attacks in the future.
Earlier we wrote that an incorrectly typed domain suffix caused millions of US military emails to be sent to the Mali domain (.ml) instead of the correct .mil suffix. Although most of these emails are spam and contain no classified information, some of them include sensitive data, including medical reports, identity information, base crew and personnel lists, naval inspection reports, and other data.
Source link
www.securitylab.ru