Fraud transaction through clever social engineering enabled Chinese phishers in successfully swindling an estimated $18.6 million from Tecnimont SpA’s Indian branch. With a cleverly written email that heavily resembles Pierrorberto Folgiero’s (the company’s Group CEO) was sent to Tecnimont Pvt Ltd, the phishers were able to persuade decision makers in the company’s India office to ‘acquire’ companies in mainland China.
The Mumbai Police’s Cyber Crime team received the formal complaint from Tecnimont Pvt Ltd. in an attempt to recover the lost amount if possible. Phishers persuaded the India branch to transfer funds in three batches last November 2018. The three tranches of bank transfers to Hongkong were to the tune of $5.6 million, $9.4 million and $3.6 million. The receiving bank account in Hongkong were withdrawn before it the illegal transaction were discovered.
Tecnimont SpA is a firm engaging in energy, chemical and engineering research under an umbrella organization named Maire Tecnimont. The company hired a forensic investigation in order to ascertain the techniques used by the fraudsters in order to pull off the scam, as the company refuses to admit that the case was a cyber attack issue, but rather just a traditional scam.
“This is a very serious case of electronic fraud by a very highly skilled group of international criminals working with high-end technology. We are working with the Mumbai Cyber Cell to investigate the matter and get to the bottom of this,” explained Zulfiquar Memon, MZM Legal’s Managing Partner, the legal firm hired by Tecnimont to be part of the investigating team.
As part of its disciplinary procedure, the Tecnimont fired their Indian branch lead, including the account and finance leads. As per initial checks, the writing style of the group’s CEO was mimicked by the phishers, which requires a constant surveillance in order to pull off.
“In addition to masking email addresses, hackers in the past have used malware to penetrate and monitor email communications. This enables them to gather information, learn writing styles and language used by a user in email communications and replicate them in the spoofed emails,” emphasized Dhruv Phophalia, managing director of Alvarez & Marsal India, a cybersecurity consulting firm when asked for comment.
In the initial result of the probe, it was revealed that the conference calls organized to ‘finalize’ the acquisition transactions were fake due to the use of unauthorized login IDs of the participants (the scammers themselves). One man named Luigi Corradi who were in the conference call died in 1921, was an Italian engineer in his day.
Phishing and online fraud are the two quickest ways for cybercriminals to earn a profit, as it only requires manipulation of the human weakness of ‘trusting’ acquaintances. It is much easier to pull-off requiring less time investment with the development of malware or other scams such as banking trojans. All companies should empower their employees with credible anti-phishing training during their new hire orientation week since they are the frontliners when it comes to defense against phishing and other social engineering attacks.