With the country’s financial year is to end in a couple of weeks, there is a word of caution for the big and small businesses as a new set of cyber fraudsters are active with an eye on the year-end transactions and final payments of the year.
The modus operandi this time is different. They are targeting the companies with a novel way of doing minor changes in the e-mail IDs, which may give the company employees a slip if they are not extra careful in reading between the letters.
A case of such nature has come to light in a Salalah Free Zone company in which the fraudsters have got access to some important documents, like details of due payments of the company clients and the company e-mail ID from which important correspondences are done for transactions.
Cleverly the fraudsters have done the changes in the e-mail ID. For security reasons the company did not share the actual e-mail ID but cited an example. “Suppose the actual ID is xxjohn@xxxCOMPANY.com in the name of the company, the fraudsters have replaced the company’s name with one of the e-mail service providers and made it email@example.com.
“They somehow have accessed our pdf invoices, which they attached with the mail and asked for the final or year-end clearance payment from one of our clients,” said a senior executive of the company.
“Luckily the client sensed something wrong in the mail and sounded us immediately. To our utter surprise we found our pdf invoices attached with the mail,” he said.
This happened three times in past four months. The company has sounded the IT authorities and waiting for the action.
The cyber attack, according the executive, has put the company in a fix as sometimes large scale transactions are involved, reminders for which are exchanged only through mails.
The company is also looking to strengthen the internal IT security to ensure safety of the documents and reduce any chances of vulnerability in this regard.