In the MITM attack, a cyber attacker generally impersonates one of the two parties interacting and sends a message to the other party that believes it is a normal communication. The complainant’s company wanted to buy electronic goods and mailed to the foreign company about its requirement. The complainant’s company and the foreign company have been doing business for the last 10 years.
The unidentified accused, using a fake email ID which was similar to the original foreign company’s, sent an email to the city company. The mail informed the city company that the foreign company had opened a new bank account and that it should be used in future. The accused also provided details of the new bank account, said a police officer.
“The city company, which imports electronic goods, transferred Rs 54 lakh in February to the new account number provided by the accused. However, when it did not receive the electronic goods, its personnel called up the foreign company to inquire about it. The foreign company personnel told them that they did not receive any payment,” said police. This is when the city company’s personnel realised that they were cheated and approached the police. An FIR was lodged at the west region cyber police station.
The police are now collecting the details of the bank account to which the money had been transferred, and the internet protocol (IP) address of the fraudster’s email to get more information about the culprit.
When asked about precautions to be taken to prevent ‘man in the middle’ attack, Balsing Rajput, DCP Cyber, said, “To prevent such a fraud it’s better to communicate with the other company’s personnel before making any financial transactions. Moreover, after completing the transaction, one should again check if the transaction was done correctly and to the right company. In case of any suspicion, one must approach the police immediately,” said Rajput.