Belfast Telegraph

Email interception scam warning

Cyber criminals diverted £100,000 from a Northern Ireland company into illicit bank accounts, police said.

A "man in the middle" had been intercepting the firm's emails to a customer in Europe by adding an extra letter to the address, the PSNI added.

The force has established an icon on its website allowing businesses to report internet crime online.

Detective Chief Inspector Douglas Grant said: "This is a growing area of criminal activity and it is important that police are aware of it so that we can prevent and detect crime. At present, it is difficult to be precise about the full extent of the problem.

"However there are indications that it is increasing."

In one case a business was in regular contact with a customer in Europe via emails. The firm was made aware by the customer that £100,000 had been transferred to them for a piece of machinery but did not receive the money.

Mr Grant said: "Examination of the emails at both companies revealed that they had been corresponding with a person who had inserted themselves between the businesses to intercept their communications. This is known as a 'man in the middle' attack."

This was done by adding an extra letter to the email address which is easily overlooked. For example, becomes with two I's. The money was then diverted to illicit bank accounts, police said.

In another case a company director tried to log into a bank account and a message appeared saying the site was being updated. He tried several times but could not get in and only managed to log on to the account using a different computer device.

Four transactions had been transferred out of the account worth over £70,000. The bank was able to stop most of the transactions.

Trojan malware had been deployed onto the company's computer which had been accessed by clicking on an unexpected email containing an attachment often purporting to be an invoice, police added. In a separate case, a company with a major online presence was subjected to an attack known as ransom ware which involved their computer systems being infected with malware known as crypto locker. A pop-up window was displayed and requested 5 bitcoins be paid to restore their systems.

Police said: "This attack happened despite the company having firewalls and malware detection in place. It resulted in a substantial loss of data which almost resulted in the company going out of business."

Mr Grant said the trial facility being introduced on the PSNI website would allow the business community to make reports quickly and discretely.

"We would encourage reports about computer malware, ransom ware, network intrusion, denial of service attacks and anything which is posing a threat or causing concern to businesses."


From Belfast Telegraph