Cases of online shoppers falling prey to
The scamsters tricked Nykaa into sending money meant for its Italian supplier to some other bank account.
In email spoofing, cybercriminals forge the email ID of the sender. Spoofing is basically sending email messages from a forged address: when users send an email, a sender name is attached to the message, and it is this sender name that is forged.
In March this year, the vendor told the company that the order was ready and sent an invoice. As flights were suspended due to the coronavirus lockdown, Nykaa couldn’t import the material and informed the vendor that it would not be able to receive the consignment.
Once they had spoofed the email ID, the cybercriminals asked Nykaa to transfer payment for the consignment to a different bank account. They claimed this was for taxation purposes. Nykaa was informed that all future transactions would be conducted through this account.
Nykaa officials discovered that they had been duped after the 'original' vendor told them that the bank account they had made the payment to was not theirs, nor was the email ID from which the payment request had come.
While there is no sure-shot way to identify one, the common warning signs of a spoofed email are poor language, grammar or punctuation, and language that conveys a sense of urgency.
Always match the sender's name with their email address. Look carefully at the 'From' field of any email that asks for transaction-related information or action. It is also important to examine the return path of such an email carefully.
One of the most common techniques used by cybercriminals is to buy domain names similar to the domain of the company whose email addresses they plan to forge. For example, if the domain of the target company is 'indiacompany.com', they may buy a domain named 'indiac0mpany.com', because similar-looking or similarly spelt domains make it easier to fool victims.
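The two checks described above (a 'From' domain that imitates a known vendor domain, and a return path that does not match the sender) can be automated for mail that requests a payment change. The following is an added example, not code from the article or from Nykaa; the trusted-domain list, the character-swap table, the distance threshold and the sample message are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

TRUSTED = {"indiacompany.com"}  # known-good vendor domain, from the article's example
# Digit-for-letter swaps seen in lookalike domains (assumed list, not exhaustive)
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def domain_of(header_value):
    """Lowercased domain of an address header, or '' if absent or malformed."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def edit_distance(a, b):
    """Levenshtein distance, keeping only two rows of the table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(domain, trusted=TRUSTED):
    """Trusted domain that `domain` imitates, or None (threshold 2 is an assumption)."""
    if not domain or domain in trusted:
        return None
    for good in sorted(trusted):
        if domain.translate(SWAPS) == good or edit_distance(domain, good) <= 2:
            return good
    return None

def check_message(raw, trusted=TRUSTED):
    """Return a list of findings for one raw message (headers plus body)."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    findings = []
    hit = lookalike_of(from_dom, trusted)
    if hit:
        findings.append(f"From domain {from_dom} resembles {hit}")
    for hdr in ("Return-Path", "Reply-To"):
        dom = domain_of(msg[hdr])
        if dom and dom != from_dom:
            findings.append(f"{hdr} domain {dom} differs from From domain {from_dom}")
    return findings

# Constructed sample message, not taken from the incident
SAMPLE = ("Return-Path: <pay@mailer.example.net>\n"
          "From: Accounts <accounts@indiac0mpany.com>\n"
          "Subject: Updated bank details\n\nPlease use the new account.\n")
print(check_message(SAMPLE))
```

A differing return path also occurs in legitimate mail sent through third-party mailing services, so that finding is a prompt for manual review and not proof of spoofing.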