How new is the man in the middle method? The Electronic Crime Prosecution Directorate with a press release released informs professionals about incidents exscamthrough tampering with the communication flow of e-mail messages. The service also mentions the method used by fraudsters (Mon in the middle) to engage in online financial transactions and persuade victims to deposit money on their own account.
So here begins the tricks: We read on a large and "reliable" site of a well-known journalist that the man in the middle method is new….
We will not comment further because the fact itself means a lot to those who know, while those who do not know are very happy that the IOC discovered the new method of cheating man in the middle.Let's not spoil it…
We quote the press release:
The Greek Police's Electronic Crime Prosecution Directorate, in the context of its preventive actions, informs professionals to prevent and prevent their deception from ever-changing forms of deception via the internet.
Specifically, in the last period, they were impetuous using the "Mon in the middle", Intervene in parts of communication between traders and traders with overseas operations and persuade them to deposit money in bank accounts other than those initially agreed.
More specifically, the man in the middle is as follows:
-
The professional communicates via e-mail with his supplier abroad and agrees to make a transaction (ordering and repaying via bank account).
-
At the same time, the offender intercepts, using malicious software or other specialized techniques (e.g., recording communications data via unsafe Internet connections or catching phishing e-mail account access data), the content of e-mail conversations between the merchant and the supplier.
-
Next, the perpetrator, pretending to be the supplier, sends an email to the merchant using a addresse-mail address that is similar, but not identical, to the one used by the supplier (e.g. promitheftiss@email.com instead promitheftis@email.com ), requiring, for various reasons, payment of the order to be made in a different bank account than originally agreed.
-
The trader is persuaded and deposits the money into the new bank account belonging to the offender.
Note that if the trader does not understand the fraud in a timely manner, the offender may request, with various pretexts, the payment of extra money to his account.
In view of the foregoing, the Electronic Crime Prosecutor's Office urges professionals to be particularly cautious in the event of detecting such incidents in order to avoid their possible financial deception.
In particular, it consists of professionals:
-
when they are asked to pay money in a different bank account than they usually use, to do verification of the request, by telephone or other communication with the supplier,
-
to change regularly access their e-mail passwords and use two-step verification techniques to enter their e-mail;
-
to install the available upgrades and updates / security patches for their operating system and the programs and applications they use,
-
not to open links that are contained in emails or text messages (sms) from strangers, as these links may point to malicious web sites and / or cause malicious software to be installed,
-
to avoid installing programs and applications from unsafe sources,
-
to avoid connecting to unsecured free Wi-Fi networks, through which subtheft of their contact data,
-
to use secure and encrypted communication channels and
-
not to answer in emails where they are asked to disclose the access details (username & password) to their electronic accounts ("phishing" method).
More security tips and informational material are available on the site http: //cyberalert.gr/feelsafe
It is recalled that, for similar incidents, citizens can contact the Electronic Crime Prosecution Directorate at the following contact details: