Haryana hackers defrauded ISGEC Heavy Engineering company and nicked an amount of INR 1.05 crore. These hackers intruded upon ISGEC’s communication with foreign suppliers in France and Germany.
Anil Sunder, VP, material department of ISGEC, gave direction to the legal action that unraveled. The investigative authorities focused their attention on a London-based bank, which was used to funnel the money. Police in Haryana, Yamunanagar to be precise, charged the bank on two separate counts: cheating and criminal breach of trust as per the Indian Penal Code (IPC) and also on account of illegal activities as stated in certain sections of the Information Technology (IT) Act.
More Details of the Case
Anil Sunder’s official complaint for the theft related to the German supplier:
“ISGEC Heavy Engineering Limited, Yamunanagar deals in manufacturing of heavy engineering goods. Our company placed an order to purchase naval brass plates with a company of Germany on November 3, 2020. During this communication process, the unknown fraudsters monitored our emails and hacked the accounts. The fraudsters sent spoof emails to our purchase officer, who treated them as genuine emails of the company with which a purchase order was placed. Treating the spoof emails as genuine, our company, through an Indian bank, transferred Euro 34,431 (Rs 30,08,236) in the bank account of the fraudsters on November 20, 2020.”
Anil further explains how his company had placed an order for importing engineering goods from their regular suppliers in France. The Haryana hackers tracked this email communication between the two companies. Once they were well-versed with the patterns of emails and their general ‘style’ of language, these hackers spoofed valid email accounts and sent fake emails to ISGEC’s manager. The email was a replica of a valid invoice which the French company used to send, but this time, the bank account details were changed.
“Our company transferred the payment of Euro 86,503.37 (Rs 75,11,520) in [the hacker’s] bank account on October 10, 2020,” says Anil.
The Blame Game Was Played
The London bank was involved in creating fake accounts (unknowingly) at the request of the Haryana hackers. The bank did not perform the necessary fact checking and verification with due diligence, ultimately playing a role in the theft of money from ISGEC.
“We have registered a case against a London-based bank manager and unknown fraudsters who hacked the email communication of the complainant firm and siphoned off about Rs 1.05 crore in a fraudulent manner and started investigations.” – Yamunanagar City Police Station House Officer (SHO) Subinspector (SI) Satpal Singh.
But did it help?
There’s a saying in the Marathi language which translates to: “Don’t douse a fire after it’s already whittled down to smoke.” After the theft has already taken place, what is the point of assigning blame and lamenting the errors that could have been prevented? It is only in the rarest of cases that the lost capital is recovered.
Only two approaches work in the face of such invoice fraud cases:
1. Updated knowledge of the current scenario of cyber security.
2. Prevent the attack from happening in the first place.
Invoice fraud cases are becoming dangerously common, and are causing in massive amounts of money to be siphoned off into hackers’ bank accounts. Recognizing this growing concern, Logix recently launched its Email Auto Protect service, which works exceptionally well when coupled with a few stringent protocols. By establishing a few set processes in the way your organization, and implementing Email Auto Protect, you can stop virtually all invoice fraud attempts. We’re also offering a demo of the service. Why not take advantage of this opportunity?