ONGC not alone: 15 corporates lost huge sums to ‘email-tweaking’ fraudsters in one year

According to police, at least 15 corporates lost large sums after they were defrauded in a similar manner in Mumbai this year alone.
The Oil and Natural Gas Corporation (ONGC) that fell victim to fraudsters, who managed to tweak their e-mail address and defraud them of Rs 197 crore, is not the first company to be duped in this manner this year. According to police, at least 15 corporates lost large sums after they were defrauded in a similar manner in Mumbai this year alone.

Last month, fraudsters duplicated the e-mail address of an ONGC employee by just changing the order of ‘ongc’ to ‘ognc’ in the domain name. The fraudsters, posing as an ONGC representative, then established communication with a Saudi-based oil company Aramco to which they had delivered naptha (flammable liquid hydrocarbon mixture) worth Rs 197 crore earlier and were awaiting payment. The fraudsters told Aramco to transfer the money to their Bangkok-based bank account instead of their State Bank of India (SBI) account thereby defrauding them of the large sum. A senior police officer said that in the past one year, this trend of getting access to corporate email addresses mainly from import-export circles has grown with at least two cases being reported at the cyber police station each month.

“What makes it worse is that normally such cases involve big amounts,” the officer said. Vicky Shah, a cyber expert, said that this particular modus operandi has been used over the past two years. “What has changed, however, is the type of industries that has been targetted by these fraudsters. At present, shipping companies are being targeted. Nearly three months back, it was agro-products companies, and three months before that, it was airline ticketing companies that lost money to these fraudsters,” Shah said.

A police officer formerly associated with the cyber cell said that in the past, when such cases were registered, they could track down the money only in cases where the fraudulent money was transferred to bank accounts in India. “In this particular case, since the amount has been transferred to a Bangkok-based bank, it will be difficult for police to track it down,” the officer said. Explaining the reason behind this, he said that when it comes to banks in India, they immediately accept instructions of the police and freeze the bank account. They can also get details of people who opened the bank account. However, banks abroad are not as cooperative. The officer added that in such cases, it is either inside information leaked by a company employee or the accused track websites of companies involved in international trade. “Earlier we found the involvement of some people from Nigeria in the fraud. However, there are several international groups that use a similar modus operandi.”


If you have an interesting article / experience / case study to share, please get in touch with us at editors@expresscomputeronline.com

business lossescyber attacksongctheft
Comments (0)
Add Comment