Thought Leadership
Cyber criminals have stolen a six-figure sum from a company in Iserlohn using a sophisticated man-in-the-middle attack. The case once again shows the growing threat posed by professional email scams.
The perpetrators initially gained undetected access to the email traffic between two companies, as reported by WDR. This “man in the middle” attack enabled them to read and manipulate all business communications. It is not known which companies were involved.
The fraudsters used a sophisticated approach: After the victimized company sent genuine invoices, they immediately sent out fake versions with manipulated bank details. In the fraudulent emails, they referred to an alleged change in the bank account details.
The highly professional nature of the procedure makes it almost impossible for customers to recognize the fraud. In addition to the manipulated IBAN, the forged invoices also contained altered contact details to prevent queries.
Prevention recommendations from the police
The police advise particular caution when receiving messages about account changes. In the event of such notifications, the biller should always be contacted by telephone – using the known, verified contact details and not the number given in the e-mail in question.
