On January 15, Jain got an email in his official ID from firstname.lastname@example.org. He thought the ID was that of his Delhi-based dealer of stitching plant machines.
The mail was about Jain’s company, Wrecker Jeans and Casuals Private Limited, requiring a stitching plant machine that had been ordered from the dealer, who, in turn, was dealing with a manufacturer in China.
“The correct email ID is email@example.com. There was a difference of only one letter. I had assigned the transaction to the accounts sections and the payment was made to an HSBC account based in London on February 1,” Jain said.
But while the account mentioned in the email was in London, the transaction was completed in Birmingham, he alleged. “The fraud came to light on March 11, when a market sales executive, Raj Kumar, came to take the payment and informed us that the online payment was never made. We lodged a complaint. But we have not been told where the hacker is from. Experts at the Centre for Cyber Crime Investigation in Sector 6 told us while the domain address is in US, it is possible that some local hackers are involved,” Jain said. According to the header report of the email, in possession with TOI, it was sent from a server with the domain name system: biz211.inmotionhosting.com.
Phase III police station SHO Akhilesh Tripathi said that prima facie, the server seems to be located in the US.
While police have sought a report from domain registrar Go.daddy.com to track the email creator, they are yet to identify the person.
A police officer, however, told TOI that information sought from domain registrars arrive in about 90 days. “It usually gets stretched beyond that and is expedited only in cases of crimes at a bigger level,” the police officer said.
Jain said the bank, with which the account is registered, failed to respond on time. Being a bank based abroad, any movement is impossible without the embassy’s involvement. “I tried contacting the bank in London. An official reverted via online chat and suggested we contact the embassy for further action,” he said, adding that he has already submitted complaints to the US and UK embassies.
Cyber crime expert Rakshit Tandon said: “Many hackers in Delhi, Mumbai and Greater Noida know hackers abroad who tell them about bank accounts. The foreigners may help them get the money encashed, which is then distributed among the hackers in the chain.”