From: Ketharaman Swaminathan

To: punemirror.feedback@punemirror.com

Dated: 5 December 2021

Subject: Not a sweet deal for Haldirams | Letter to Editor

Dear Editor of Pune Mirror:

This has reference to the article entitled “Not a sweet deal for Haldirams” in Pune Mirror dated today.

Contrary to the author’s claim, there’s nothing new about the technique used by the cybercriminal to carry out this theft.

Called “Business Email Compromise”, this has been a common tactic used by cybercriminals for years. Pune Mirror had itself covered a case of BEC over four years ago in the frontpage article entitled “Scamsters hack into partner companies in Chakan and US, siphon off INR 2.75cr” in its edition dated 23 May 2017 (Source: https://twitter.com/s_ketharaman/status/875646766976126979).

Then and now, the best practice to safeguard oneself from this kind of theft is “Sub Dollar Deposit Pipecleaning” wherein the buyer initiates a small value payment to the new bank account; connects with the seller’s authorized representative “out of band” i.e. via telephone, snail mail, or any channel other than the one through which it received the new bank account details, which happened to be email in this specific incident; gets the seller’s acknowledgement, preferably in writing, of receipt of the small value payment; only then transfers the full amount.

According to a communication I received from one my banks, WhatsApp has become the go-to channel for this kind of cybertheft in recent times. But it doesn’t matter: Whether it’s BEC or BWC, the aforementoned best practice will help to provide protection against this kind of cybertheft.

Thanks and Regards.

 

KETHARAMAN SWAMINATHAN

Pune, INDIA