Mumbai: The Vanrai police have registered a case on March 20 after the financial officer of a leading stationery brand ‘BIC Cello India’ became the victim of a cyber crime. On March 15, the financial officer of the company, headquartered at Lotus Corporate Park in Goregaon (east), received an email impersonating as the company’s Chief Executive Officer (CEO) Ranjeet Das.
In the email, the swindler had asked the financial officer Navneet Purushottam Agarwal (40) to transfer Rs. 13.22 lakh from company’s HDFC bank account to another account in ICICI bank. Considering the mail coming from his boss, Agarwal made online transfer of the said amount during 10:15 am and 3:30pm on March 15 to the ICICI bank account and went to the company’s CEO to inform the same.
“The CEO was shocked to know as he had not sent any email to Agarwal to transfer the fund. After thorough check, the company realised that it has become the victim of CEO scam in which the swindler had created an email id similar to company’s CEO to dupe the financial controllers of the leading stationery brand,” said senior inspector of Vanrai police station Jyotsana Rasam.
“On March 20, Agarwal reached our police station and registered case. The investigations are underway,” she said. The cyber expert believes that such cyber crime is called ‘CEO scam’ in which the cyber criminals use a technique called ‘email spoofing’ in which they alter the alphabets in the email ids to fool people.
“CEO scam is well organised social engineering scam in which the swindlers send an email that appears to originate from CEOs, bearing instructions to transfer funds into nominated bank accounts,” said Ritesh Bhatia, cyber security expert. “So whenever the financial departments receive such email, the concerned person should immediately call the CEO to ask if he/she has sent any such mail. And if the CEO is not reachable then simply don’t transfer the fund,” suggested Bhatia.
Cyber expert advice
. The companies must use email programs with whitelisting option to blacklist fake ones
. Don’t proceed till you haven’t spoken to the person who asked you for payment
. Check again if the email id is correct.