Cyber Criminals Hijacking Email Conversations to Divert Payments

Since March 2017, Informant Networks has observed a combined cyber and physical social engineering attack at 3 different companies in the Udyambag Industrial Area in Belgaum. The modus operandi of the criminal group is to hijack email conversations between two businesses and intervene at the point at which financial transactions are supposed to take place.

The attack starts by compromising the email account of one of two business entities that are known to do business with each other. At this stage the attacker only observes the email exchanges between the representatives of the two companies. Once the conversation is concluding, or when payment is being discussed, the attacker starts impersonating the receiving party in the financial transaction and provides a new account number for the funds to be transferred to.

We have your email.

The attackers take advantage of the previously established trust between the two companies and request that payment be made to a new account rather than to the previous account, which is the account of the legitimate business.

Once the funds are transferred to the attacker's account, the money is withdrawn almost immediately and all trails go cold. This combination of a cyber and physical attack is lethal since it takes advantage of a previously established trust.

In these situations it is advisable to reach out to a previously known contact over a previously used phone number and cross-check any correspondence from a new individual claiming to be from the same company.
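The cross-check described above can be enforced as a payment control that holds any transfer whose bank details differ from those on file. The following is an added example, not part of the original article; the vendor domain, account numbers, phone number and the 9-18 digit account pattern are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed vendor master: bank details and callback number recorded when
# the supplier relationship was set up (hypothetical values).
VENDOR_MASTER = {
    "supplier.example": {"accounts": {"001234567890"},
                         "phone": "+91-00000-00000"},
}

# Constructed thread: an invoice quoting the account on file, then a later
# reply from the same mailbox that substitutes a new account.
THREAD = [
    "From: Accounts <accounts@supplier.example>\nSubject: Invoice 118\n\n"
    "Please remit to A/c 001234567890 as usual.\n",
    "From: Accounts <accounts@supplier.example>\nSubject: Re: Invoice 118\n\n"
    "Our bank is under audit. Kindly transfer to new A/c 998877665544.\n",
]

ACCOUNT_RE = re.compile(r"\b\d{9,18}\b")  # assumption: 9-18 digit runs


def review_message(raw, master=VENDOR_MASTER):
    """Return a hold/release decision for one message in a payment thread."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    record = master.get(sender.rpartition("@")[2])
    seen = set(ACCOUNT_RE.findall(msg.get_payload()))
    if record is None:
        return {"action": "hold", "reason": "sender not in vendor master",
                "unknown": seen, "callback": None}
    # The sender address is not treated as proof: a compromised mailbox sends
    # from the genuine address, so only the bank details are compared.
    unknown = seen - record["accounts"]
    if unknown:
        # Verify by phone using the number on file, never one from the email.
        return {"action": "hold", "reason": "account not on file",
                "unknown": unknown, "callback": record["phone"]}
    return {"action": "release", "reason": "accounts match file",
            "unknown": set(), "callback": None}


def review_thread(thread):
    return [review_message(raw) for raw in thread]


if __name__ == "__main__":
    for result in review_thread(THREAD):
        print(result)
```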