Cyber Incident Victim: Pune-based engineering company
Date: Aug 2020
Location: India
Summary
A Pune-based multinational engineering company lost 56,000 euros in a man-in-the-middle cyber attack during a transaction with a German firm, in which fraudsters impersonated legitimate parties via deceptive emails and redirected funds to a criminal account. The company realized the deception after transferring the amount, prompting a criminal case under the IT Act and cheating provisions. Similar incidents had previously affected multiple local companies, leading to police advisories emphasizing email security updates, staff training on cyber fraud, and mandatory verification of altered payment details through direct communication. Authorities investigated the fraudulent account and email traces while highlighting recurring vulnerabilities in business email compromises.
Description
In August and September 2020, a multinational engineering company headquartered in Pune engaged in a transaction with a German counterpart. During this period, cyber criminals executed a 'man-in-the-middle' attack by compromising email accounts associated with the business communication. The attackers obtained detailed information about the ongoing dealings and created fraudulent email addresses closely resembling those of the legitimate participants. Through these spoofed accounts, the hackers falsely informed the Pune-based company that the German firm’s original bank account was non-functional due to technical issues and instructed them to redirect a payment of 56,450 euros to a new account. Believing the instructions to be authentic, the Pune company transferred the funds—equivalent to over ₹50 lakh—to the fraudulent account. The deception was discovered after the payment was completed, when company officials realized they had sent the money to an unauthorized recipient. On December 29, 2020, following a preliminary inquiry by the Pimpri Chinchwad Cyber Crime Cell, the company filed a First Information Report at Pimpri police station. Authorities registered a criminal case under Section 420 of the Indian Penal Code (cheating) and relevant provisions of the Information Technology Act. Senior Inspector Milind Waghmare confirmed the launch of an investigation focusing on the fraudulent email trails and bank account details used by the attackers.

This incident mirrored a pattern observed in the Pimpri Chinchwad jurisdiction during the latter half of 2019, when at least four companies lost thousands of dollars to identical 'man-in-the-middle' email compromises. In two 2019 cases, the Pimpri Chinchwad Cyber Crime Cell successfully facilitated the recovery of approximately ₹50 lakh (or its dollar equivalent) defrauded from local companies. Police attributed such attacks to inadequate updates of email security features and overreliance on email as the sole communication channel for financial instructions. After the 2019 incidents, local law enforcement had issued a five-point advisory urging companies to regularly update email security protocols, implement digital signatures, train accounting staff on cyber fraud risks, verify payment account changes through direct voice communication with authorized personnel, scrutinize email domain authenticity, and promptly report incidents to cyber crime authorities. The 2020 Pune engineering company case reactivated these recommendations as part of the investigative response, though no recovery of the lost funds was reported at the time of the December 31, 2020, article. The incident disrupted the company’s transaction with the German entity and underscored persistent vulnerabilities in business email compromise schemes within the region.
