Specialisation is increasingly seen as critical, and hackers agree. Rather than sending numerous, untargeted mails to ensnare vulnerable internet users, they are trying to limit their chase to a particular trade or practice.
Hackers have become shrewd. They research companies — what kind of businesses they are into, who are the key people, their e-mail ids, etc. Aiding them in the task is the fact that online security awareness levels in the trade are very poor.
Cyber police are beginning to get cases from granite, paddy, biscuits, pharma and tobacco. For instance, Indian Tobacco Traders (ITT), one of the oldest tobacco trading companies in Andhra Pradesh, has fallen victim to ‘Nigerian’ cyber fraudsters.
“The hackers broke into their e-mail and asked an importer in Bulgaria to remit the payment in Turkish and American banks. They (ITT) lost about Rs 2.5 crore,” a senior Cyber official of the State Government told
The hackers typically gain access to e-mail accounts by sending phishing mails (say from Gmail or Yahoo!) asking for their passwords. “After that they closely monitor the inboxes and outboxes, note down the language and terminology used. They even wait for up to four months to understand the business. Then they write mails asking the importer to pay in a different bank account (mostly abroad), citing some vague Income-Tax issues,” the official said.
ITT realised late that the payment was not received and approached the Bulgarian trader, who protested and related what had happened.
The State cyber authorities are helping the Tangutur police with the case. The police have registered cases under Section 420 of Indian Penal Code and Sections 65 and Sections 66-C of IT Act 2008.
This is not the only case. The police had averted a loss of Rs 2.5 crore for a pharma company that was about to be duped in a similar way.
Cyber cops ask businesses to be careful about phishing and spam attacks. “They should have two-step authentication for their e-mail accounts,” the official said.
In two-step authentication, apart from the regular password, the service provider sends a code to your registered mobile. Unless you key in this second-level security gate, it is not possible to open your account.
Businesses should not respond to mails that seek their passwords, the official said. They should also use digital signatures for authentication.