Mumbai: The Central Cyber Cell intervened and seized Rs. 82.55 lakhs from a phishing email account, which was allegedly attempting to defraud a school by falsely claiming to be constructing a cafeteria. The perpetrator employed a Man-in-the-Middle cyber attack tactic to carry out the scam.
DCP (Crime) Datta Nalawade explained told that In a Man-in-the-Middle attack, the perpetrator exploits the websites of two contracting companies to create a phishing site, deceiving one party into sending funds to a fraudulent account.
The incident unfolded when a representative from a school in Tardeo approached the police to file a complaint.
According to the investigation, between February 23 and March 16, the school entered into a contract with Europhone Acoustics, a company based in the UAE, for cafeteria construction. After initiating the contract, the school sent an email to Europhone Acoustics' official email address.
An officer elaborated, "The perpetrator manipulated Europhone Acoustics' email address to appear authentic, instructing the school to transfer funds to a designated account. Consequently, the school transferred Rs. 87.26 lakhs to the perpetrator's account."
Upon contacting Europhone Acoustics to confirm the payment, the school discovered that the company had not received any funds, prompting the realization of the scam. "The school promptly reported the incident to the police, resulting in the freezing of Rs. 82.55 lakhs," stated the DCP.
The police have filed a case against an unidentified individual under sections 419 (Cheating by Personation), 420 (Cheating), and relevant provisions of the IPC and the IT Act.
What is the Man-in-the-Middle attack?
A man-in-the-middle (MITM) attack is a cyber attack in which a threat actor puts themselves in the middle of two parties, typically a user and an application, to intercept their communications and data exchanges and use them for malicious purposes like making unauthorized purchases or hacking.
Tips from Mumbai Police for avoiding cyber attacks, specifically the Man-in-the-Middle attack:
1. Ensure company computer equipment is regularly updated with advanced security technology.
2. Always verify email IDs twice before making transactions.
3. Alert the company immediately about any sudden changes in email IDs or bank details.
4. Double-check email IDs, account numbers, and IFSC codes during transactions.
5. Report any fraud incidents to 1930 promptly.
