Man-in-the-middle (diverting goods, cheques or payments)
How the fraud works:
In this fraud scenario, the attacker places himself in “the middle” of digital communication, i.e. he presents himself to the sender as the recipient and to the recipient as the sender. If the “man in the middle” is able to use his system to gain complete control over the datat traffic of both partners, he can view and manipulate their information.
Example: When initiating a business relationship, the partners do not notice that an attacker has intervened. This can be done using an email that looks very similar and initially arouses no suspicion. The bank data in the invoice is manipulated only on invoicing. The transfer is made to a fake account, the goods are sent to another location. The fraud is often only noticed when the money or the goods fail to arrive.
How can you protect yourself in this case?
- Double-check any change of bank details via a second channel e.g. telephone, if bank details are amended by mail or post.
- Check the sender address in emails and that these are spelled correctly.
- Only send data packages encrypted.
- Ensure your anti-virus software and network monitoring are up-to-date.