Pune Auto Parts Firm Defrauded of ₹2.35 Crore in Sophisticated Cyber Attack

In a recent incident highlighting the growing threat of cybercrime, a Pune-based automobile parts manufacturer suffered a significant financial loss of ₹2.35 crore due to a sophisticated man-in-the-middle (MITM) cyber attack. Cybercriminals impersonated executives from an Italian manufacturing firm, intercepting business communications and redirecting substantial payments to fraudulent accounts.

The Deceptive Scheme

The Pune company, specializing in the production of automobile parts, machining fixtures, drilling trolleys, and customized components, had initiated a transaction to procure a press bending machine from an Italy-based multinational manufacturer. The machine was valued at 320,000 Euros, approximately ₹3.1 crore. As per the agreement, an initial payment of 25% (around ₹75 lakh) was made in April and May 2025, with the remaining amount scheduled for payment upon delivery.

Unbeknownst to the Pune firm, cybercriminals had infiltrated the email communications between the two companies. Employing advanced email spoofing techniques, the attackers created a fraudulent email domain closely resembling that of the legitimate Italian company—a tactic known as domain spoofing or typosquatting. This allowed them to monitor and manipulate the ongoing correspondence without detection.

Execution of the Fraud

Shortly before the scheduled payment of the remaining 75%, the Pune company received an email from the spoofed address. The message falsely claimed that the Italian company’s Milan-based bank account was temporarily non-operational and provided alternative bank account details for the transfer. Trusting the authenticity of the communication, the Pune firm secured a loan of ₹2.25 crore and proceeded to transfer ₹2.35 crore to the fraudulent account in two installments during the first and second weeks of June 2025.

The deception came to light when the Pune company’s officials contacted the genuine Italian firm’s India-based sales executive to confirm receipt of the payments. It was then revealed that the funds had been diverted to a fraudulent account. Realizing the extent of the fraud, the Pune firm promptly filed a First Information Report (FIR) with the cybercrime police station, initiating an official investigation into the matter.

Understanding Man-in-the-Middle Attacks

A man-in-the-middle attack is a form of cyber intrusion where an attacker secretly intercepts and possibly alters the communication between two parties who believe they are directly communicating with each other. In this case, the attackers exploited the lack of end-to-end encryption in standard email protocols and the absence of robust email authentication mechanisms such as SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting & Conformance).

By monitoring the email exchanges, the cybercriminals gathered detailed information about the ongoing business transaction. They then crafted convincing proforma invoices and communications that closely mirrored legitimate documents, thereby deceiving the Pune firm into transferring funds to the fraudulent account.

Preventive Measures and Recommendations

This incident underscores the critical need for businesses to implement stringent cybersecurity measures to protect against such sophisticated attacks. The Pune and Pimpri Chinchwad cybercrime police stations have issued advisories emphasizing the following preventive strategies:

1. Regular Security Audits: Conduct periodic reviews of email systems and communication protocols to identify and rectify vulnerabilities.

2. Employee Training: Educate staff, especially those in accounting and finance departments, about various cyber fraud tactics, including email spoofing and phishing schemes.

3. Verification Protocols: Establish procedures to verify any changes in payment instructions through direct communication channels, such as phone calls or face-to-face meetings, rather than relying solely on email correspondence.

4. Email Authentication Mechanisms: Implement SPF, DKIM, and DMARC protocols to enhance email security and prevent domain spoofing.

5. Multi-Factor Authentication (MFA): Require multiple forms of verification before processing significant financial transactions to add an extra layer of security.

6. Encryption: Utilize SSL/TLS encryption for all email communications to protect against unauthorized interception.
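
A sketch of how recommendations 3 and 4 could be backed by an automated check in accounts-payable tooling, as an added example that is not part of the original article: it flags sender domains within a small edit distance of a known vendor domain, and any message announcing changed bank details. The domains, sample message and function names are constructed for illustration; a lookalike domain can publish its own valid SPF, DKIM and DMARC records, so a passing result alone does not show that the sender is the real vendor.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed allow-list: domains confirmed with the vendor outside email.
TRUSTED_VENDOR_DOMAINS = {"presse-esempio.example"}
BANK_CHANGE = re.compile(
    r"\b(new|alternative|updated|changed)\s+(bank|account|beneficiary)\b"
    r"|\bIBAN\b|\bSWIFT\b", re.I)

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def assess(raw, trusted=TRUSTED_VENDOR_DOMAINS, max_dist=2):
    """Return the reasons a message needs out-of-band verification."""
    msg = message_from_string(raw)
    flags = []
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain not in trusted:
        near = any(edit_distance(domain, t) <= max_dist for t in trusted)
        flags.append("lookalike-domain" if near else "unknown-domain")
    # Verdict recorded by the receiving gateway. A lookalike domain with its
    # own SPF/DKIM/DMARC records still passes, so this is not proof of identity.
    if "dmarc=pass" not in msg.get("Authentication-Results", "").lower():
        flags.append("dmarc-not-pass")
    # Plain-text parts only; encoded bodies would need decoding first.
    body = " ".join(str(p.get_payload()) for p in msg.walk() if not p.is_multipart())
    # Flagged even for trusted senders: a compromised mailbox passes every
    # domain check, so changed bank details always require a call-back.
    if BANK_CHANGE.search(body):
        flags.append("bank-detail-change")
    return flags

# Constructed sample: "rn" stands in for "m" in the sender domain.
SPOOFED = """From: Sales <sales@presse-esernpio.example>
Authentication-Results: mx.buyer.example; dmarc=pass header.from=presse-esernpio.example
Subject: Payment of balance

Our Milan account is temporarily non-operational. Please use the alternative bank account below.
"""

if __name__ == "__main__":
    print(assess(SPOOFED))
```

Any non-empty result should route the payment to a call-back on a phone number taken from the original contract, not from the email itself.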

Broader Implications

This case is not an isolated incident. Similar cyber frauds have been reported in the region, affecting various businesses:

– Pimpri Chinchwad Firm Loses ₹7.2 Crore: An automobile components company was deceived into transferring ₹7.16 crore after a fraudster posed as the firm’s director and instructed the accountant to make the transfer. ([timesofindia.indiatimes.com](https://timesofindia.indiatimes.com/city/pune/pimpri-chinchwad-firm-loses-rs-7-2cr-to-ceo-fraud-after-accountant-transfers-money-on-instructions-of-director/articleshow/120595433.cms?utm_source=openai))

– Pune Company Loses ₹6.5 Crore: A firm dealing in IT services and dry fruit imports fell victim to a man-in-the-middle attack, resulting in a loss of ₹6.5 crore. ([timesofindia.indiatimes.com](https://timesofindia.indiatimes.com/city/pune/pune-company-loses-rs-6-5-crore-to-man-in-the-middle-cyber-attack/articleshow/120595690.cms?utm_source=openai))

– Analytics Firm in Pune Loses ₹2.34 Crore: Cybercriminals impersonated the firm’s Canada-based CEO, leading to a loss of ₹2.34 crore in a whale phishing attack. ([indianexpress.com](https://indianexpress.com/article/cities/pune/pune-firm-whale-phishing-attack-9903997/?utm_source=openai))

These incidents highlight the evolving tactics of cybercriminals and the necessity for businesses to stay vigilant and proactive in their cybersecurity efforts.

Conclusion

The ₹2.35 crore fraud experienced by the Pune auto parts firm serves as a stark reminder of the vulnerabilities present in digital communications and the importance of robust cybersecurity practices. By implementing comprehensive security measures, conducting regular audits, and fostering a culture of awareness and vigilance, businesses can significantly reduce the risk of falling victim to such sophisticated cyber attacks.