In what appears to be a cyber scam being described by investigators as the “man-in-the-middle attack”, a prominent construction technology company in Pune was duped by online fraudsters to the tune of Rs 13.8 lakh.
The company’s assistant manager lodged the first information report (FIR) in this case at Mundhwa police station on Sunday.
Senior police inspector Ajit Lakade, the investigating officer, said about a year ago the stone-crushing machine at the firm got damaged and its officials started communicating over email with another company that supplies stone crushers.
Meanwhile, the police said, a representative of the construction technology company received a communication from a fraudulent email address, which resembled the genuine email address of the other party. This fraudulent communication asked the representative of the construction tech company to make the party’s payment by transferring money into an account in “Lloyds Bank PLC” bank. Accordingly, a payment of Rs 13,80,772 was made through an online transaction into this bank account between May and August 2022.
Later, the police said the construction tech company did not receive the product for which it had made the payment. After realising that they have been defrauded, company officials filed a complaint with the Pune city police.
“Cyber police station has verified the complaint and forwarded it to Mundhwa police station for further investigation,” said Senior Inspector Lakade.
The police have booked the unidentified accused persons under sections 419, 420, 34 of the Indian Penal Code and sections of the Information Technology Act.
Officers are probing into two email addresses used by the cyber fraudsters to communicate with the construction company officials in Pune. The police are also investigating the bank account to which the company transferred the money. Investigators suspect the bank account belongs to cyber criminals or their associates.
The police explained that such ‘man-in-the-middle’ cyber attacks start with the hacking of email accounts of either of the parties involved in a business transaction. Through the intercepted communications, the hackers can get detailed information about ongoing business dealings. The online fraudsters then create an email account closely resembling the participant’s email address. Through the fraudulent email, it is communicated that the original account of the other participating party is non-functional and so the deposit should be made to another account belonging to the hackers. There have been multiple incidents of ‘man-in-the-middle’ cyber attacks previously too.