Iden­tity theft: ONGC falls prey to cy­ber fraud, loses Rs 197 crore

Resource Digest - - CONTENTS -

In one of the big­gest cy­ber crimes in Mum­bai, the Oil and Nat­u­ral Gas Cor­po­ra­tion Lim­ited (ONGC) lost Rs 197 crore af­ter cy­ber crim­i­nals du­pli­cated the pub­lic sec­tor firm’s of­fi­cial e-mail ad­dress with mi­nor changes and used it to con­vince a Saudi Ara­bia-based client to trans­fer pay­ments to their ac­count.

The fraud was com­mit­ted on the premise that the com­pany making the pay­ment would not no­tice a mi­nor change in the e-mail ad­dress of the ONGC rep­re­sen­ta­tive, with whom they had been com­mu­ni­cat­ing. While ONGC com­mu­ni­cated with the com­pany from patel_dv@ongc.co.in, the fraud­sters duped the com­pany by com­mu­ni­cat­ing with them from patel_dv@ognc.co.in.

Ac­cord­ing to the BKC cy­ber po­lice team prob­ing the case, ONGC had an or­der to de­liver 36,000 met­ric tonnes of Naph­tha — flammable liq­uid hy­dro­car­bon mix­tures — to Saudi Aramco, an oil com­pany based in Dhahran.

On Septem­ber 7, ONGC dis­patched the or­der, worth Rs 100.15 crore, from Hazira port in Surat. Ac­cord­ing to the po­lice, the com­pany usu­ally trans­ferred pay­ments to ONGC’s State Bank of In­dia (SBI) ac­count, but did not do so this time.

“ONGC was to send a sec­ond batch of naph­tha to Aramco on Septem­ber 22. How­ever, since they had not re­ceived the ear­lier pay­ment, they en­quired with the Saudi-based com­pany,” an of­fi­cer said. On be­ing told that the de­lay was on ac­count of pub­lic hol­i­days and bank hol­i­days, ONGC dis­patched the sec­ond batch of Naptha worth Rs 97 crore on Septem­ber 22. Again, ONGC e-mailed a scanned copy of the tax in­voice with its SBI ac­count num­ber to the com­pany.

Again, no pay­ments were re­ceived in the ONGC ac­count. What fi­nally set alarm bells ring­ing was an e-mail ONGC re­ceived on Oc­to­ber 7 from Aramco stat­ing that the money had been trans­ferred to a new ac­count. When the PSU con­tacted Aramco, they were told the com­pany had merely fol­lowed up on ONGC’s re­quest to de­posit the money into an ac­count in Bangkok Bank Pub­lic Com­pany Lim­ited. “ONGC had never made such a re­quest,” the of­fi­cer said.

As soon as an of­fi­cial com­plaint was reg­is­tered on Oc­to­ber 10, Ad­di­tional Com­mis­sioner of Po­lice K M M Prasanna in­structed the cy­ber crime po­lice sta­tion to probe the mat­ter on pri­or­ity. Dur­ing in­ves­ti­ga­tions, po­lice found that some­one aware of the e-mail com­mu­ni­ca­tion be­tween ONGC and Aramco re­gard­ing the trans­fer of a large sum of money had cre­ated an e-mail ID sim­i­lar to an of­fi­cial ONGC email ID.

“The com­mu­ni­ca­tion from ONGC was done us­ing the e-mail ID patel_dv@ongc.co.in. The fraud­sters merely cre­ated an e-mail ad­dress patel_dv@ognc.co.in,” said se­nior po­lice in­spec­tor S Ma­hadik.

Us­ing this ID, the fraud­sters be­gan to com­mu­ni­cate with Aramco, and as the sec­ond email ID ap­peared al­most iden­ti­cal to the orig­i­nal, Aramco of­fi­cials did not no­tice the dif­fer­ence. The fraud­sters then sent an e-mail ask­ing for the pay­ment to be de­posited to a Bangkok-based ac­count. Of­fi­cers of the BKC cy­ber po­lice sta­tion said an FIR has been reg­is­tered un­der Sec­tions 419 (cheating by im­per­son­ation), 420 (cheating), 465 (forgery), 468 (forgery for pur­pose of cheating), 471(us­ing a forged doc­u­ment) of the In­dian Pe­nal Code and Sec­tions 66 C (pun­ish­ment for iden­tity theft) and D (cheating by im­per­son­ation us­ing com­puter re­source) of the In­for­ma­tion Tech­nol­ogy Act. ONGC was un­avail­able for com­ment.

Newspapers in English

Newspapers from India

© PressReader. All rights reserved.