Chinese Hackers Dupe Indian Arm of Italian Company, Steal Rs 131 Crore

The fraud, reportedly an act of Chinese cybercriminals used phishing emails – a fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by sending phony emails.
Chinese Hackers Dupe Indian Arm of Italian Company, Steal Rs 131 Crore

Unknown Chinese nationals reportedly demanded transfer of a large sum of money under the guise of group CEO for a "confidential" merger and acquisition venture.

Cyber fraudsters syphoned off Rs 131 crores (18.6 Million USD) from an India-based arm of an Italian company, following which a case has been registered in the matter.

The fraud, reportedly an act of Chinese cybercriminals used phishing emails a fraudulent attempt to obtain sensitive information such as usernames, passwords, and credit card details by sending phony emails.

Tecnimont Private Limited (TCMPL), which said it lost Rs 131 crore in the cyber attack, has its registered office in Malad, Mumbai.

The complaint filed by the company on January 5 indicated that the company's former chairman and managing director (CMD) Mario Ruzza was contacted by alleged Chinese nationals through email Ids, which were similar to the group CEO's email.

Unknown Chinese nationals reportedly demanded transfer of a large sum of money under the guise of group CEO for a confidential merger and acquisition venture.

Ruzza received emails allegedly from an email ID almost similar to that of the Group CEO Pierroberto Folgierro on November 13 last year.

Emails sent to Ruzza mentioned that the emails were of highly confidential matter, the situation required the high level of confidentiality and secrecy and Ruzza should create another email id to communicate with the Group CEO on the CEO's private email account.

Ruzzo then reportedly created an email ID as suggested by the unknown persons who had been trying to impersonate the CEO.

Further, in another email, the accused told Ruzzo that a confidential acquisition and merger transaction was being initiated by the company for the gain of shares of a large Chinese group and for the same he needed to communicate with a lawyer named Luigi Corradi.

The email said that Corradi's firm had been assisting TCMPL since the transaction was initiated and funds needed to be transferred to them for finalising the deal.

The fraudsters said that due to fiscal reasons, funds couldn't be transferred from the Italy-based head office of the company and told Ruzzo that funds needed to be transferred from India-based accounts of the company.

Corradi spoke to Ruzzo over the phone, communicated through emails and submitted an invoice worth Rs 5.6 million dollars to be transferred to an account.

Ruzzo then asked the head of company accounts Mohan Sawant to process the transfer of funds.

Funds were transferred to the accounts mentioned by Corradi M/s Ouker Industry and Trade Ltd based in Taizhou Zhejiang in China. Subsequently, another invoice was raised for which transfer of 9.4 million dollars was approved by Ruzzo to M/s KEI CHENG (HK) Co Ltd based in Hongkong on November 15.

This transfer was also intimated by the fraudsters posing as Folgierro through email to Ruzzo. The transfer was signed by Sawant and Ruzzo. Another email for transfer of USD 3.6 million was received by Ruzzo from the same impersonator and funds were again transferred.

All the payments were carried out through swift transfers to accounts of different banks.

On November 22, the accused impersonator again tried to extract payment of 2.8 million dollars which he reportedly mentioned in the email as required for payment for fine imposed by Italian financial markets regulator on the company.

However, it could not be carried out as the chairman of the group arrived and uncovered the fraud by noon. A total of 18.6 million dollars or Rs 131 crore was stolen.

A complaint has been filed by the managing director and an authorized representative of TCMPL, Sathiamoorthy Gopalsamy. A copy of the complaint has also been marked to the Joint Commissioner of Police, Economic Offenses Wing (EOW) of Mumbai police.

What is phishing?

Using masked or similar email addresses for phishing is one of the oldest tricks used by cyber fraudsters, but this particular fraud was executed in a very systematic manner where an actual person also spoke to company's representatives and directed them.

The accused who were involved knew intricate details about the company's businesses and operations along with complete hierarchy and structure of the company.

Despite several attempts to reverse the transactions, the paid amount couldn't be retrieved.

Related Stories

No stories found.
logo
Since independence
www.sinceindependence.com