Cyber fraudsters are increasingly targeting businesses, not just individuals.
According to industry trackers, the number of cyberattacks targeting companies increased by around 30% in last 12 months. Police say the bank accounts where the amounts are diverted are also hacked, as it was in Deepak Nitrite's case in Malaysia. So even the account holder is not a beneficiary but a victim of such a fraud.
"There has been a tremendous jump in the number of cases where Indian companies are targeted. Often the account holders in the Nigerian fraud cases are unaware of these frauds and in most of the cases are themselves victims of fraud," said Sadanand Date, joint commissioner of police, crime, Mumbai.
He's using the short-hand commonly used for such fraud, which usually involves an email seeking help in extracting money out of Nigeria for a huge share in the booty.
Investigators say that fraudsters mimic email accounts of company officials to convince customers or bankers. In another case registered with the Mumbai police, Memon Exports, a small trading firm got cheated of Rs 38 crore in a similar manner. But the fraud is not just limited to money. Recently, a Bengaluru-based IT company came to know that information related to around 1,000 of its employees had been stolen.
Specialists say that Indian companies are simply not prepared to tackle the cyberthreat. "Firms are still using older legacy systems which are simply not equipped to deal with the sophistication of attacks we are seeing today. The cybercrime cost to India was $4 billion in 2013," said Anil Bhasin, managing director, India and Saarc for Palo Alto Networks, an American network security company Investigators say scamsters know exactly when transactions are supposed to happen.
"What is really worrying is that there exists a market where hackers can sell stolen information. The buyers could be fraudsters who want to make a quick buck, competitors or the company whose data was stolen or sometimes some telemarketing companies," said Reshmi Khurana, managing director, Kroll India, a corporate investigations and risk consulting firm.
Industry trackers say that often the email accounts of employees are stolen after extremely personalized emails are sent to them. In one instance, a CEO of a company was sent an email mentioning cancellation of tickets to Europe, where he was travelling. When the CEO clicked on the email, his account was hacked without his knowledge. The next day an email was sent to the finance department to immediately transfer a sum of Rs 20 crore to an account in South Africa.
"Larger companies, due to their larger assets, will always be a more attractive target. However, we are also seeing cases where smaller companies were targeted to get access to larger companies, as was the case of the Standard Chartered breach this time last year," said Bhasin. In December last year, Standard Chartered said that "hackers and thieves" stole confidential information of its "wealthy clients."