An MITM attack refers to a cybercrime wherein the attacker hacks into a company’s email account, gathers information about transactions with other firms, and then poses as one of them in order to siphon the money being transacted between the two.
According to police, the complainant company, based in the city, had sold sprouts to a client company based in Madhya Pradesh (MP).
On January 17, the city firm emailed the GST invoice to the client and was to receive a payment of ₹20 lakh in return. On January 23, the client made the payment through a bank transfer.
Later that evening, the firm called the client to check on the status of payment. While the client claimed that the money had already been transferred, the company said it did not receive the payment.
Realising that it had been duped, the city firm approached the cyber police. “We immediately got in touch with the bank and froze the account to which the money had been transferred before it could be withdrawn by the accused,” said an officer from the BKC cyber cell.
Explaining the modus operandi, the officer said, “The accused hacked the email id of the client company. After reading and copying the contents of the invoice sent by the Mumbai-based firm, the accused deleted it. The accused then created a new email id, identical to that of the Mumbai firm.”
“Using the fake email id, the fraudster sent an email to the client company with the same contents, but a different bank account. The money was then transferred by the client into the accused’s bank account,” the officer said.
Officers from the BKC cyber cell have advised the client company to file a complaint with the local police in MP.