A company in Dubai has lost $53,000 (Dh194,700) after a cybercriminal hacked its email and then used a spoofed email to trick its client into wiring the funds to an overseas bank in Finland.
Binu Manaf, CEO-cum-managing director of Cheers Exhibition in Al Quoz 2, said the money was intended to pay for an exhibition stand they had built for the upcoming GITEX event in Dubai.
“This is not a crude phishing attack, but one which involves a high level of sophistication,” said the Indian expat, according to a report by Gulf News.
Manaf said he didn’t realise the company’s email account had been hacked until one of his clients enquired if he had sent out emails seeking payments into an overseas account instead of a local bank in Dubai.
“That set the alarm bells ringing because we hadn’t sent out any such email,” recalled Manaf. “As it turned out, our email had been hacked. Unknown to us, a cybercriminal had been scouring through all our correspondence containing details of ongoing contracts and outstanding payments,” he said.
“Once the fraudster had familiarised himself with our business operations, he impersonated our company by creating a spoofed email address that looked deceptively similar to our email,” said Manaf, showing email trails where the letter ‘i’ in the company’s actual email [email protected] had been cleverly replaced with the letter ‘l’.
Using the manipulated [email protected] email, the fraudster then contacted several of Cheers’ clients and instructed them to make payments to Nordea Bank headquartered in Finland.
“Since the difference in the emails was not apparent to the naked eye, a Russian client fell for it and unwittingly remitted $53,000 into the overseas account as advised. We had built an exhibition stand for him and were communicating with him for payments,” said the company’s managing partner Akna.
Manaf said the hacker’s ingenuity has left him shocked.
“To make his own emails appear genuine, the hacker spoofed the email addresses of my accountant and managing partner as well, as they were also copied in all our correspondence. He even copied our email signatures and business logos. The invoice was also similarly forged,” said Manaf, who is now contemplating adopting two-factor authentication, including telephone calls, to verify all future financial transactions.
How to avoid becoming a victim of email hacking
1. Alert your clients about changes in payment instructions: Let current and new clients know that your banking details will never change.
2. Run your antivirus programme: Run an end-to-end antivirus scan if you suspect your email account has been hacked.
3. Change your passwords: Change your passwords every few weeks. Your new password should be markedly different from your old one. Avoid passwords that are tied to your name, birthday or similar personal statistics. Your password should be unique for each account, and contain a mix of letters, numbers and special characters.
4. Notify people you know: Let your friends, family and anyone else on your email contact list know if your account has been hacked.
5. Change your security questions: Many users choose the same answer to common security questions. Don’t do that.
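The spoof described above, a single letter ‘i’ swapped for ‘l’, is a change that a mail filter or an accounts team can check for mechanically before acting on a payment request. The following is an added example, not part of the original report: it compares a sender address against a list of known correspondents. The addresses are constructed, since the real ones are redacted in the text, and the function names are illustrative.

```python
# Added example: flag sender addresses that imitate a trusted address.
# All addresses are constructed; the real ones are redacted on the page.

# Characters easily confused at a glance, folded to one representative.
CONFUSABLE = str.maketrans({"l": "i", "1": "i", "|": "i", "0": "o", "5": "s"})


def skeleton(address):
    """Lower-case the address and fold look-alike characters together."""
    folded = address.strip().lower().replace("rn", "m").replace("vv", "w")
    return folded.translate(CONFUSABLE)


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(sender, trusted):
    """Return 'trusted', 'lookalike' or 'unknown' for a sender address."""
    sender = sender.strip().lower()
    known = {t.strip().lower() for t in trusted}
    if sender in known:
        return "trusted"
    for t in known:
        # Same skeleton: differs only by confusable characters (the i -> l swap).
        # Distance 1: one character inserted, dropped or changed.
        if skeleton(sender) == skeleton(t) or edit_distance(sender, t) == 1:
            return "lookalike"
    return "unknown"


TRUSTED = {"accounts@cheersexhibit.example"}  # constructed address book

if __name__ == "__main__":
    for addr in ("accounts@cheersexhibit.example",   # genuine
                 "accounts@cheersexhlbit.example",   # 'i' replaced by 'l'
                 "sales@othervendor.example"):       # unrelated sender
        print(addr, "->", classify(addr, TRUSTED))
```

A "lookalike" result is a prompt to verify the payment request through a separate channel, such as the telephone call Manaf mentions, not proof of fraud.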
LINK ORIGINAL: Pmnewsnigeria