(Information sent by the signatory company)
The cyber scam known as 'man in the middle' is yet another example of how sophisticated cybercriminals' techniques are becoming. It is a hoax that has already affected thousands of companies around the world, and it highlights the need to be vigilant and adopt preventive measures in an increasingly digitized environment.
Madrid, August 16, 2023.- Also known as the CEO scam, it involves everything from the creation of accounts in the name of people whose identity the criminal is impersonating to the interception of communications between companies.
A crime in two phases
The scammer first tricks a person into handing over their personal data. To do this, the scammer usually publishes ads offering work or selling some type of product.
With the excuse of formalizing the contract, the scammer obtains a photo of the victim's ID and uses this document to open an online bank account in the name of the deceived person, without that person knowing it.
Separately, the hacker infects a company's equipment and intercepts its communications. When he considers that the right time has come, he alters the email sent by the supplier company to the client company. In the manipulated email, the account number to which the client must make the deposit to pay its supplier has been replaced with the number of the account that the criminal created in the name of the person he previously deceived.
In this way, the company pays its invoice, but the payment is received not by its creditor but by the criminal, who uses the time available until those involved realize what has happened to transfer the money to a cryptocurrency exchange and make it disappear.
The importance of acting as soon as possible
Man in the middle is a highly sophisticated scam, and it can take weeks for those affected to realize there is a problem.
Computer security experts advise preventing it as far as possible by adopting all known preventive measures. Examples include using a company Wi-Fi password that is difficult to guess, not connecting work computers to public networks, and not downloading email attachments that come from unverified senders.
If prevention is not enough and the scam occurs, it must be reported to the Police or the Civil Guard. But, as Eduardo León Pavón from Mi Perito Informático advises, before taking action, you must put yourself in the hands of experts in digital evidence on the Internet.
This is because negligence on the part of the client company, in not verifying the payment data, may mean that the responsibility for paying its creditor still falls on it.
The job of the expert is to demonstrate whether due diligence was carried out, and whether or not it was possible for the company that wrongly paid the fraudster to know that it was the victim of a hoax.
Faced with a highly complex scam like this, the experience of computer experts and specialized legal advice are essential to clarify responsibilities and seek an equitable solution that causes the least possible damage to the two companies that have been involved.
Contact
Contact name: Eduardo León – Mi Perito Informático
Contact telephone number: 34652992001