Nykaa Email Spoofing Case

Nykaa Loses 62 Lakh To Cyber Fraud

Most of the time, it is individual shoppers and customers who end up on the receiving end of cyber fraud. Cyber criminals are always on the lookout for ways to dupe online shoppers, and they use fake forms and phishing pages to do it. Very rarely is the online seller the one getting scammed. But this is exactly what happened with Nykaa, an eCommerce vendor selling cosmetic products.

Fortunately, there have been no leaks of customer data. However, this does not mean the case is not worth studying. Read on to see how a retailer came under the crosshairs of a cyber fraud.

Spoofed Emails Are A Major Challenge

Fraudsters tricked Nykaa with spoofed emails that redirected a payment intended for one of its Italian suppliers to their own bank accounts. How did this spoofed email work? The criminals imitated a valid supplier’s email address. Emails from such an address would have appeared authentic, as the sender’s address clearly showed a real supplier’s email address. In March of this year, the supplier had sent Nykaa an intimation of a ready order, along with an invoice. However, due to the spread of Covid-19, it wasn’t feasible for the flight carrying the consignment to enter India. As such, Nykaa was forced to delay the acceptance of the goods, and the payment too was postponed.

The fraudsters sent a fake email to Nykaa, asking the cosmetics retailer to redirect the payment to another bank account. They gave taxation as the reason for this change of account. It was only afterwards, when Nykaa asked for confirmation of the payment, that it discovered its grave mistake. The original Italian supplier denied sending any such email. The sum was an astounding Rs 62 Lakh, which could never be recovered, as it was already too late by the time the fraud came to light.

Do I need to be worried?

This case makes it clear that cyber-crime can happen to anybody, whether you are an individual, a small business operator, or the owner of a large business conglomerate. There are a couple of things you can do to make sure such a scam does not happen to you.

  1. Email Language and Wording

Spoofed emails are likely to be poorly constructed, with wording different from what you are used to from that particular vendor. If in doubt, you can always ask for confirmation on the email ID you know belongs to that supplier.

Also, check the messaging in the email. Report or act on anything suspicious, such as a supplier creating urgency around payments or announcing changed bank accounts.

  2. Finding the true sender’s address

The value in the ‘from’ address needs to match the one displayed by the label name. You can easily check this by hovering over the email label name.

  3. Establishing a proper protocol for releasing funds

Invoices are so mundane for a business that no business owner wants the headache of tracking each of them for validity. That is why, when paying suppliers, accountants are almost on auto-pilot. It is impossible to scrutinize every invoice. But that is how scams slip in through the cracks.
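The checks from "Email Language and Wording" and "Finding the true sender’s address" can be run automatically before an invoice mail reaches the accounts team. The sketch below is an added example, not Logix's or Nykaa's code; the supplier name, the `.example` addresses, the keyword list and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed address book (hypothetical supplier): display name -> address on file.
KNOWN_SUPPLIERS = {"Rossi Cosmetici": "accounts@rossi-cosmetici.example"}
# Wording the article flags: urgency, or a request to change bank accounts.
PAYMENT_CHANGE = re.compile(
    r"(new|changed?|updated?|different)\s+(bank\s+)?account|urgent|immediately", re.I)

# Constructed sample messages, not taken from the Nykaa case.
SPOOFED = '''From: "Rossi Cosmetici" <accounts@rossi-cosmetici-it.example>
Reply-To: payments@mailbox.example
Subject: Updated bank details

For taxation reasons, please send the pending payment to our new bank account.
'''
GENUINE = '''From: "Rossi Cosmetici" <accounts@rossi-cosmetici.example>
Subject: Invoice for ready order

Please find the invoice for the ready order attached.
'''

def domain(addr):
    return addr.rpartition("@")[2].lower()

def review(raw):
    """Return reasons to confirm this mail with the supplier before paying."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    findings = []
    on_file = KNOWN_SUPPLIERS.get(name.strip())
    if on_file and addr.lower() != on_file.lower():
        findings.append(f"'{name}' is on file as {on_file}, but mail came from {addr}")
    shown = re.search(r"[\w.+-]+@[\w.-]+", name)  # an address typed into the label
    if shown and shown.group(0).lower() != addr.lower():
        findings.append(f"label shows {shown.group(0)}, real sender is {addr}")
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and domain(reply_to) != domain(addr):
        findings.append(f"replies go to {reply_to}, not to the sender's domain")
    body = "" if msg.is_multipart() else msg.get_payload()
    if PAYMENT_CHANGE.search(body):
        findings.append("body presses for urgency or a change of bank account")
    return findings

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(label, review(raw))
```

An empty result is not proof of authenticity: in the case above the sender’s address showed the real supplier’s address, so a bank-account change still needs confirmation on a contact you already hold.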

See How Logix Handles This Type of Threat

We modify our offerings to provide a fool-proof solution to prevalent problems. Our Email Auto Protect solution can take care of all invoicing-related threats. Logix Email Auto Protect prevents invoice fraud by establishing a secured process between supplier and buyer. With the Rights Protected protocol, the invoice is shared only with the intended recipient, eliminating any chance of invoice manipulation. An invoice sent through Email Auto Protect carries a watermark and can be accessed only with limited rights.

Want to know if we can meet your particular needs? Write to us to find out!
