A Pune-based automobile parts manufacturer has lost a staggering ₹2.35 crore (approximately US$280,000) in a sophisticated “man-in-the-middle” (MITM) cyber attack, highlighting the growing threat of Business Email Compromise (BEC) scams targeting Indian enterprises. The fraudsters successfully impersonated an Italian manufacturing firm, intercepting critical business communications and diverting a large payment to a fraudulent account.
The fraud began when the Pune company was in the process of procuring a press bending machine from an Italy-headquartered multinational manufacturing firm, valued at 320,000 Euros (around ₹3.1 crore). According to the FIR filed by the 52-year-old director of the victim company, an initial 25% advance payment (approximately ₹75 lakh) was made to the legitimate Italian firm in April and May, confirming the order.
However, cybercriminals infiltrated the communication channel, meticulously observing the transaction’s details. Shortly before the scheduled payment of the remaining 75%, the Pune firm received an email, deceptively similar to legitimate correspondence from the Italian supplier.
This fraudulent email claimed that the Italian company’s bank account, based in Milan, was temporarily non-operational and provided new, alternative bank details for the remaining payment. The attackers had used a fake email domain that closely resembled the genuine Italian firm’s domain, employing “domain spoofing” or “typosquatting” techniques to evade immediate detection.
Failing to detect the subtle deception, the Pune company proceeded to transfer the remaining ₹2.35 crore in two separate installments during the first and second weeks of June to the fraudulent bank account controlled by the cybercriminals.
The massive financial loss came to light only when officials from the Pune firm sent photos of these payments to the genuine Italian sales executive, who then confirmed that no such change in bank details had been requested and the payments had not been received by their company.
The victim firm promptly lodged an FIR with the cybercrime police station in Pune city, initiating a formal investigation into the elaborate scam.
Also read: Viksit Workforce for a Viksit Bharat
Do Follow: The Mainstream formerly known as CIO News LinkedIn Account | The Mainstream formerly known as CIO News Facebook | The Mainstream formerly known as CIO News Youtube | The Mainstream formerly known as CIO News Twitter |The Mainstream formerly known as CIO News Whatsapp Channel | The Mainstream formerly known as CIO News Instagram
About us:
The Mainstream formerly known as CIO News is a premier platform dedicated to delivering latest news, updates, and insights from the tech industry. With its strong foundation of intellectual property and thought leadership, the platform is well-positioned to stay ahead of the curve and lead conversations about how technology shapes our world. From its early days as CIO News to its rebranding as The Mainstream on November 28, 2024, it has been expanding its global reach, targeting key markets in the Middle East & Africa, ASEAN, the USA, and the UK. The Mainstream is a vision to put technology at the center of every conversation, inspiring professionals and organizations to embrace the future of tech.
