Lately —and increasingly often—, the members of IT&L Legal Consultants have been consulted by clients who refer having been victims of different cyberattacks perpetrated by hackers. These crimes have caused them significant economic losses, damages in their business relationships, and have become a serious threat to the security of transactions with their customers.
The most common type of attack consists in intercepting emails between providers and customers which contain instructions for the payment of invoices and altering the bank account details of the recipients of such payments. As a consequence of this fraud, when the client, in good faith, makes the payments, the transfers are accredited to different accounts than the ones indicated by the provider in the original mail or invoice; therefore, the amounts are not received by the correct recipient.
Given to the way they are carried out, this type of cyberattacks are known as “MAN-IN-THE-MIDDLE” (MitM), since the hackers intercept emails between the sender and the recipient, placing themselves “in the middle” of the communication by adulterating the data.
This modification is made directly on the mail server itself, and for this reason, the parties involved usually do not notice any type of change until it is too late. Generally, the fraud is discovered when the provider claims for the pending payment, and it is when the client sends the transfer receipt that the differences in the destination accounts arise.
Despite the various security systems and measures available, these cybercrimes continue to grow and are becoming more and more effective. For this reason, whenever you need to make a payment through electronic channels to accounts stated in emails, we recommend paying special attention to the verification with the provider of the identity and the address of the email sender, the authenticity of the invoices received by this means, and the details of the bank accounts where the funds should be transferred.
We hope you find this suggestion useful, and our team remains at your disposal to assist in any issues related to this type of cybercrime.
The team of IT&L