The cyber fraud is called Man in the Middle and until now it was limited to a deception in which the victims were individuals, especially companies, whose email accounts were impersonated without leaving any suspicion. Now, the target has become the institutions, which also move million-dollar amounts through bank transfers, especially in payment for the execution of the works.
This is the recent case of Mérida, whose payment this summer for just over 50,000 euros to a supplier company in consideration for its services never reached its destination. The modus operandi does not change: intercept emails between the company and, in this case, the official email where both exchange information. “It is about intercepting communications between the parties and getting hold of the invoices, and once they have obtained them, what they do is modify the destination account number, maintaining the rest of the data,” describes the spokesperson for the National Police of Extremadura, Raúl. Gonzalez.
No suspicions are raised. The recipient, in this case the municipal worker in charge of executing the transfer, does not notice the difference in the change in numbering. It is an identical clone of the invoice having intercepted the emails, except for the details of the bank account numbers. The financial institution does not detect it either. When the payment is executed, the money is diverted directly to the scammer’s account.
In these cases, the supplier usually works with the City Council, so the relationship of trust is complete. The tax data, the registration in the municipal registries as a supplier, the bank account number and the corresponding certifications have already been registered. With everything in order, all that remains is payment by bank transfer, ordered by the Treasury Delegation. The scammers take over internet communications and proceed to attack, evading the protection measures of the parties involved, in this case the City Council itself. “It would have cybersecurity barriers, although their effectiveness is being tested, but they have certainly been unlocked,” research sources point out.
The affected Emeritus city council filed the complaint on August 10. “The work was carried out by the company, we made the payment, the rest is a matter that is in the hands of the Police and Justice investigation because we do not have more information,” warns the mayor of Merida, Antonio Rodríguez Osuna.