In a significant cybercrime incident, a Pune-based company specializing in IT services and dry fruit imports fell victim to a Man-in-the-Middle (MitM) cyber attack, resulting in a staggering loss of ₹6.5 crore. The attack, which occurred on March 27, highlights the growing sophistication of cybercriminal tactics and the vulnerabilities faced by businesses in the digital age.
A MitM attack is a type of cyberattack where an attacker secretly intercepts and manipulates communications between two parties who believe they are directly communicating with each other. In this case, the fraudsters altered email communications between the Pune company and a U.S.-based exporter of dry fruits. By subtly changing the email address and bank account details, the attackers made the payment request appear legitimate. Trusting the authenticity of the email, the company director transferred ₹6.5 crore in five installments.
The scam came to light weeks later when the company contacted the U.S. firm, which denied receiving the payment. Upon closer inspection, the company discovered the fraudulent alterations in the email and bank account details. An FIR was promptly filed with the city’s cyber police.
Investigators are now tracing the money trail, which was dispersed across multiple accounts. Approximately ₹3 crore is yet to reach the suspects, and efforts are underway to recover the funds. Authorities have emphasized the importance of vigilance in verifying communication details, especially in financial transactions.
Senior Inspector Swapnali Shinde of the Cyber Police highlighted the need for businesses to adopt stringent verification protocols and educate employees about emerging cyber threats. She noted that the company director, despite being a regular importer of dry fruits, failed to notice the subtle changes in the email and account details, leading to the loss.
Businesses are urged to implement multi-layered security protocols, conduct regular employee training, and verify all financial communications to safeguard against such attacks. As cybercriminals continue to evolve their tactics, proactive measures and public awareness remain essential in combating digital fraud and ensuring the safety of financial transactions.
Get in touch
