Man In The Middle: The new online scam that more and more people are falling victim to

Imagine if you could: one comes to your email e-mail that seems (and we say “looks” why is written in exactly the same way used in all your previous correspondence) from a friend or colleague asking you to deposit money into a different bank account than usual.

You follow the instructions, you deposit the money, however a few days later, when you talk to each other, then you understand its size fraud: you were the victim of hackers who had given the bank account of a ghost company to a bank in a country other than the one where the money was supposed to end up.

In short, you just lost a pretty respectable amount of money, falling victim to Man In The Middle (now called Person In The Middle, but established as “MITM”).

The scam got this name because of an internet “interference” in some way, “Intermediary” hacker in a transaction, stealing the correspondence of two people, managing to impersonate one of the two and finally reaching his goal, which is none other than the extraction of money.

How MITM works

The hacker through special techniques phishing gains access to a user’s computer, then having a complete picture of his correspondence as well as his banking transactions.

Usually, the hacker “watches”, without anyone knowing it, a conversation with a financial transaction and knowing when it is time to make a deposit, communicates via an e-mail that is a scam with the person who will make the deposit. He throws licenses, in essence, to catch up, but because Internet fraud has come a long way, he usually achieves his goal.

The hacker then creates a ghost company with the same name as the one mentioned in the emails and then a bank account for it in a bank. These Banks are usually based in third countries, such as Ukraine. But this is not understood by the would-be depositor, who eventually falls victim.

It then sends the deposit change e-mail taking care not to differ much from the original, the authentic e-mail, regarding his e-mail address or the way of writing and asks for the deposit to be made in a new bank account -The one they have made themselves in a bank of another country.

After the deposit, the money transferred, for obvious reasons, immediately to bank accounts in remote countries so that they cannot be easily tracedn. The only case for the victim to save his money is how quickly he will react by contacting his bank immediately, so that this money is frozen by it and does not come out of the victim’s account.

What the authorities advise

Reasonably, every Internet user should, in these cases, have learned to control their transactions and how they are done. For example, you should make any changes to your bank account to be confirmed by telephone on a telephone that exists and not a ghost phone.

A basic condition for not losing money is direct communication with the bank that serves the citizen or with the Cyber ​​Crime of each country. However, the fact remains that, as this is a transfer of money done knowingly and through one’s own actions, the bank cannot offer further protection.

Commonly, if you happen to be a victim… you may not easily untangle, as whichever Interpol and Europol get in the way is extremely difficult to locate the beneficiary of these bank accounts in foreign banks.

The most common forms of cyber fraud

Citizens’ credit card charges via the internet for purchases, which dwere not carried out by themselves.

• In these cases, a malicious internet user creates a fictitious website and in this way manages to collect data and credit card numbers of internet users, who, having been deceived, think that it is an online store and make their purchases.
• In addition, there are many cases where smart people manage to gain physical access to citizens’ credit card details which they then use in online shopping, as for these purchases it is not necessary to have physical possession of the credit card, only its details.
• In addition, in many cases internet users inadvertently give their data to malicious internet users (phishing). In particular, the unsuspecting citizen receives an e-mail from the Credit Institution, in which he keeps an account, with which he is asked to fill in his details (name, account number and credit card, etc.), for reasons such as updating the bank files. The message, through a hyperlink, leads them to a fictitious website of the bank, with the result that the citizen is convinced and provides the data in question.

Trafficking in deceptive messages, which seek to deceive unsuspecting citizens.

• In particular, the malicious perpetrators of this form of fraud, described under the term “Spanish Lotto”, are the mass sending of e-mails to random internet users, informing them that they have won a large sum of money. millions of dollars in online lottery.
• The creators of these messages, in order to be credible, use similar names of large companies (eg Microsoft, Yahoo, etc.) and accompany the messages they send with fake certificates regarding the alleged electronic lottery.
• The fraud is due to the fact that they ask the supposed winners to prepay some taxes and / or disbursement expenses, an amount that is usually in the order of a few thousand dollars.

“Scams 419” or “Nigerian Scams”

• In these cases, messages are sent to random internet users, informing them that a holder of a particularly large property has passed away and either there is no heir and the recipient of the message has been chosen so that he can inherit the property, or to become If the property can be released, it needs to be transferred to a foreign bank account and the recipient of the message is informed that if he disposes of his account, he will acquire a percentage of this property.
• In other cases, people from Nigeria seek the help of entrepreneurs or freelancers in order to transfer their funds, which come from criminal acts (smuggling, fraud, bribery, etc.), promising a high reward for this cooperation. For this purpose, they use the titles of official bodies of their country (Ministries, Central Bank, National Oil Company of Nigeria, etc.), use the titles of government or military agents with real and false names or claim their relationship with “famous” or “important” faces.
• The fraud lies in the fact that the senders of the messages ask the recipients to send them their personal data, bank account and credit card details, etc. in order to achieve their cooperation and collect the money.