Pune company loses Rs 6.5 crore to Man-in-the-Middle cyber attack


Pune: Police fear it may be one of the biggest cases of cyber fraud to ever strike Pune. The director of a Mohammedwadi-based firm, involved in IT services and imports of dry fruits, ended up transferring Rs 6.49 crore to crooks in a Man-in-the-Middle (MitM) cyber attack on March 27.

MitM is a type of cyber fraud in which an attacker intercepts and relays communication between two parties, making it appear as if they are communicating directly with each other. The attacker can eavesdrop on the conversation, steal sensitive data, or even impersonate one of the parties. According to the police, the 39-year-old company director was at his home in the NIBM Road area when he received an email on the company ID from another firm he did business with about a payment request.



He then initiated the transaction believing the email request was legitimate and even told the bank to clear the payment. But later, when he contacted officials of the other firm, they denied receiving the amount. The company director then checked the email he had received and discovered fraudsters had made two slight alterations - they had changed one letter in the other company's email address and its bank account number.

The victim failed to spot both changes, cyber police said. Senior inspector Swapnali Shinde of Cyber Police told TOI the company was set up a few years ago. She said: "It has two divisions, one for IT services and another for importing dry fruits.

The company director would import the dry fruits from different countries, including the United States and those in the Middle-East. On March 27, he received a payment request from an exporter of dry fruits based in the US. The email demanded payment of nearly Rs 6.5 crore. The victim, thinking it was for the almonds he'd recently imported, initiated the transaction." Shinde said by the time the company director discovered the changes in the US exporter's email ID and bank account details, it was April 17.

On April 23 (Wednesday), he filed an FIR with city cyber police. "Officials from his bank called him to verify the transaction, but he told them to proceed. The amount was sent across in five transactions," Shinde said, adding that the online ledger of the other company had only the first few letters of its name and the account number.

"The victim did not realise that the account number of the company, with whom he had regular business, was changed. He just clicked on the button and initiated the transactions," Shinde said. Investigators said they were now analysing the accounts the money went to.

"The cash went to several accounts. We're still trying to establish a trail. As of now we can say that about Rs 3 crore is yet to reach the suspects. We will try our best to salvage the money," Shinde said.
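The two alterations described in this report, one changed letter in the sender's email address and a different bank account number, are both things a pre-payment check against a vendor master record can flag. The sketch below is an added example and not part of the original report; the function names, the vendor record, the addresses and the account numbers are all constructed, and `.example` is a placeholder domain.

```python
# Added example: compare an emailed payment request with the vendor record on file.
# All addresses and account numbers below are constructed sample data.

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert, delete, substitute), computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute ca -> cb
        prev = cur
    return prev[-1]


def review_payment_request(sender, account, vendor_master, max_distance=2):
    """Return a list of (code, detail) findings; an empty list means the
    sender address and the account number both match the record on file.
    vendor_master maps a lower-case sender address to its account number."""
    sender = sender.strip().lower()
    account = "".join(account.split())          # ignore spacing in the number
    findings = []
    if sender in vendor_master:
        matched = sender
    else:
        if not vendor_master:
            return [("UNKNOWN_SENDER", f"{sender} is not in the vendor master")]
        nearest = min(vendor_master, key=lambda known: edit_distance(sender, known))
        dist = edit_distance(sender, nearest)
        if dist > max_distance:
            return [("UNKNOWN_SENDER", f"{sender} is not in the vendor master")]
        # Close to, but not equal to, a known address: the pattern in the report.
        findings.append(("LOOKALIKE_SENDER", f"{sender} is {dist} edit(s) from {nearest}"))
        matched = nearest
    if vendor_master[matched] != account:
        findings.append(("ACCOUNT_MISMATCH",
                         f"account on file for {matched} differs from the request"))
    return findings


VENDOR_MASTER = {"accounts@almond-exports.example": "000123456789"}  # constructed

if __name__ == "__main__":
    # Constructed request: one letter changed in the address, different account.
    for code, detail in review_payment_request(
            "accounts@almond-exp0rts.example", "000123456798", VENDOR_MASTER):
        print(code, "-", detail)
```

Any finding should hold the payment until the vendor confirms the details through a contact channel already on file, not through the email that made the request.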