Email spoofing

Be-aware : 20+ Email spoofing cases in India in 2016 may shock you.

Email spoofing attacks in business is growing exponentially in India.

There has been more than 20+ known email spoofing cases in India in 2016.Importantly total amount of financial loss  due to email spoofing has created an alarming situation across businesses.

We are highlighting few of the cases to make everyone aware before your business becomes the next target.

15 CFOs in BKC get spoof emails for funds transfer:

TimesofIndia reported Bandra-Kurla Complex (BKC) cyber police are probing at least 15 instances of email spoofing scam. In all cases, chief financial officers (CFOs) of corporate houses have received fake emails ostensibly from their company managing directors, demanding urgent wire funds transfer.Cyber cops received the complaints over a span of three weeks from CFOs. Some of whom also executed the transfer.Spammers used to make minor alterations in emailIDs. They managed to create lookalike IDs.A CFO of an MNC became the latest victim of an email spoof when he transferred Rs 18.6 lakh from the company’s account to three unidentified bank accounts. The CFO did not verify the sender of the email who impersonated as the MD.

TOI again reported on June 30, 6 companies lost lakhs of rupees to hackers in one week.

Flipkart CEO, Binny Bansal email account got spoofed

Again EconomicTimes reported that Bansal’s email account was spoofed. Two emails were sent in his name to Flipkart’s CFO Sanjay Baweja on March 1 at 11.33 AM directing him to transfer $80,000. Surprised by the nature of the emails and their timing, Baweja cross-checked with Bansal, only to find out that they were a fraud.

Producer Ronnie Screwvala’s NGO loses Rs. 34 lacs over spoof emails

Another incident reported by Indianexpress reported July 5, 2016  – “Screwvala” asked the employee to transfer funds to a bank account. The official obliged and transferred Rs 20.20 lakh.The fraudsters sent more such emails later. After the NGO had transferred over Rs 34 lakh, the junior employees asked Screwvala about the e-mails and realized the fraud. A complaint was then lodged with the Cyber police station.

How can your organization protect from email spoofing?

When such cases are so frequent, you should know how to protect from email spoofing.

 If someone sent email messages using your email address as the From address, making it appear to recipients that they came from you, then sadly the answer is: not much to stop the spammer (unless you actually do know who is doing it), but there are steps you can take to minimize the impact. The first thing you should do is change your password, even if you are very sure that your account was not hacked or spoofed.

If spoofed address is in a domain that you own, then you should learn about Sender Policy Framework or SPF. Make sure that SPF is set up for your domain. If the email address belongs to a small organization, you may want to contact their administrators and ask whether they have set up SPF. If the address is in the domain of a large Internet provider or large company with full-time email administrators, you can be pretty certain that they already know all about SPF.

How we helped one of our client to fight against email spoofing?

A few days back, one of our Prospective customer received a proforma invoice from his vendor. Vendor asked them to raise a new proforma invoice for the discontinued stock. 
What  finance executive did  after receiving the request for raising a new  PO?

He consulted his Manager. The request was from a very old & trusted vendor. So he asked his subordinate to raise the new PO without checking the entire email address or moving his cursor on the email address of the sender.

What were the consequences of the entire act?

Company lost 15Mn USD!!!!

There is no way they could recover the lost amount even after raising complaints to the Cyber Cell. However, they learnt a very big lesson through this Email spoofing attack. They immediately reviewed various Email Security solutions.

They defined their pain areas clearly :

  • Protecting their digital asset ” Business Email” from such Email Spoofing attacks.
  • Protection from multi layered security peripheral including “Malwares” and Ransomwares.
  • Due to lack of expertise they wanted a complete solution provider who could consult, handhold at every single stage and successfully carry out the implementation process. Such kind of solutions need monitoring 24*7 *365 days a year hence the service provider should be available hassle free for any kind of queries or technical support.

Logix Infosecurity being into these domain since last 17 years easily addressed their pain areas. We implemented Logix Email Security solution with Advanced Threat Protection and won them as our “Valuable Customer”.

Act before you are targeted. Download Guide to make yourself aware about different security and threats.

email-security-download

 

4 thoughts on “Be-aware : 20+ Email spoofing cases in India in 2016 may shock you.

Leave a Reply

Your email address will not be published. Required fields are marked *