And things are just not in the right place for India’s blue-eyed new-age internet boy Flipkart. In a massive breach of cyber security at the company, the official email ID of its CEO, Binny Bansal, was spoofed by a group of hackers. The hackers sent two emails from the account on behalf of Bansal to the company's CFO, Sanjay Baweja, asking him to transfer $80000 to his bank account.
Due to the sudden demand for such a huge amount, Baweja cross-checked with Bansal in person regarding the emails and found out that they were fake emails. A complaint with CID’s Cyber crime cell was filed on Bansal’s behalf by a Flipkart employee named SN Shivagangaiah.
“It is a clear case of email fraud. We request internet users not to react immediately to emails seeking money transfers and other monetary benefits,”
said Hemant Nimbalkar, IGP, CID-cyber cell.
He further added that he had formed a special team to investigate the case.
According to the investigators, it was a case of email spoofing where hackers sent the emails from forged addresses.
If you are unaware of what e-mail spoofing is, it is a kind of e-mail that appears to originate from one source but has actually come from another. Email spoofing is usually done by falsifying the name and/or email address of the originator of the email. Usually, to send an email the sender has to enter the following information:
- email address of the receiver of the email
- email address(es) of the person(s) who will receive a copy of the email (referred to as CC for carbon copy)
- email address(es) of the person(s) who will receive a copy of the email but whose identities will not be known to the other recipients of the e-mail (known as BCC for blind carbon copy)
- Subject of the message (a short title / description of the message)
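As an added example (not part of the original article or of any investigation it describes): a recipient-side check in Python that flags a falsified originator address by comparing the visible From: header with Return-Path, Reply-To and the receiving server's Authentication-Results verdicts. The sample messages, names and example.* domains are constructed.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed sample messages (names and example.* domains are placeholders).
SPOOFED = "\n".join([
    "Return-Path: <bounce@mailer.example.org>",
    "Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=mailer.example.org; dkim=none; dmarc=fail header.from=example.com",
    'From: "Chief Executive" <ceo@example.com>',
    "Reply-To: <ceo.office@example.net>",
    "Subject: Urgent wire transfer",
    "",
    "Are you in the office?",
])
LEGIT = "\n".join([
    "Return-Path: <ceo@example.com>",
    "Authentication-Results: mx.example.com; spf=pass; dkim=pass; dmarc=pass",
    'From: "Chief Executive" <ceo@example.com>',
    "Subject: Board deck",
    "",
    "Attached.",
])

def domain_of(header_value):
    """Lower-cased domain of the address in a header value, or '' if absent."""
    _, addr = parseaddr(str(header_value or ""))
    return addr.rpartition("@")[2].lower()

def spoofing_indicators(raw_message):
    """Return reasons the visible From: header should not be trusted."""
    msg = message_from_string(raw_message, policy=policy.default)
    from_dom = domain_of(msg["From"])
    findings = []
    # From: is free text chosen by the sender; Return-Path and Reply-To show
    # where bounces and replies really go, so a different domain is a warning.
    for name in ("Return-Path", "Reply-To"):
        dom = domain_of(msg[name])
        if dom and dom != from_dom:
            findings.append(f"{name} domain {dom} differs from From domain {from_dom}")
    # Verdicts stamped by the receiving server; trust only your own server's header.
    auth = " ".join(str(h) for h in msg.get_all("Authentication-Results", []))
    for mech in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{mech}=(\w+)", auth)
        verdict = m.group(1).lower() if m else "missing"
        if verdict != "pass":
            findings.append(f"{mech}={verdict}")
    return findings

if __name__ == "__main__":
    print("\n".join(spoofing_indicators(SPOOFED)))
```

A differing Return-Path alone is common with legitimate third-party mail services, so weigh it together with the DMARC verdict rather than treating it as proof of forgery.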
Sources at CID suspect that an advanced virus was used by the hackers to hack into the email account. The two emails were reportedly sent from Hong Kong and Canada at the same time using a server in Russia.
Here is the transcript of the email uncovered by the TOI:
Subject: Urgent wire transfer
Good afternoon Sanjay. How are you doing? Hope you enjoyed your day yesterday? Are you in office? I need you to transfer the sum of $ 80.000.00 as soon as possible (Urgent). Kindly reply this mail to know if you are in the office so I can provide you the bank details of the beneficiary for urgent wire transfer.
-Binny Bansal- Co-founder and chief executive officer, Flipkart online services Pvt Ltd, Bengaluru Karnataka-India
This marks perhaps the biggest cyber breach in India’s new-age internet history. The attacks, however, seem to be on the rise with the increase in the number of technology-backed, web-powered companies in India. Last year, Gaana.com suffered a major cyber attack where details of about 10 million users were exposed.
According to a fresh Cybercrime Survey Report by professional services firm KPMG, as many as 72% of Indian companies faced cyber-attacks in the year 2015, signifying the looming cyber security challenges to modern internet companies. Talking to us on this issue, Dr. Ajay Data, a noted cybersecurity and secured email services expert and CEO of Rajasthan’s biggest IT firm Data Infosys, tells us,
It is very surprising to note that companies like Flipkart are still hosting their emails outside India and using Google as their server and then getting cyber security issues along with spoofing of the CEO's email. It was the Flipkart CFO's presence of mind that saved them from a huge financial loss, but it cannot be denied that some damage may have happened because someone else may have acted upon that spoofed email.
Meanwhile, we have contacted Flipkart for fresh updates in this, and will update the story once we receive any.
Upon discussion with Flipkart, we understand that the e-mail was spoofed and not hacked. Do note, though, that since the mails looked legitimate to CFO Baweja, and spoofing meant that multiple such mails could have been sent in addition to the ones sent, one could presume that the e-mail sending mechanism was indeed out of the hands of CEO Binny Bansal.
Also, here is a statement issued by the company to The Tech Portal:
We would like to clarify it is not a case of hacking. Flipkart’s corporate email system leverages the highest standards of security including but not limited to two factor authentication. We have filed a case of email spoofing which involves use of a forged email header to make it look like a legitimate email. This case of email spoofing was immediately detected and a report was filed with the police.