Did email get intercepted in flight, or what happened here? (Scam)

Hi all, apologies in advance for the long story and for my ignorance on the subject, but I'm trying to figure out what happened here and I thought maybe someone would be able to shed some light!

A brief intro: In short, my girlfriend hired a company in Italy (she is from South America) to assist her in a process locally. The fees would be paid in three installments across the length of the process. The service itself has been provided, and the company, all in all, is legit.

The issue: The first installment was correctly paid to the company's account, whose information (as well as all other communication) was provided via email. The second installment, however, ended up in some other random account, but here is the strange bit... The information for that random account came in an email, sent from the company's domain, which was an exact copy of previous emails, except for the account number.

When confronted, the company said that the email was "hacked" and modified in flight, and that nothing was wrong on their end. They also advised checking the "show original" section in Gmail to see whether the email came from another address, and effectively, it seemed that the "real" email address was a different one altogether, only using the company's one as a mask. In the end she was scammed out of a bit more than a thousand USD, and no one took responsibility.

Does anyone have any idea what could have happened here? If she received a "cloned" email, why didn't she receive the original email from the company too? Can these "in-flight" interceptions really happen? Or is there an easier explanation for this?

Thanks!!!

submitted by /u/Patopml

from hacking: security in practice https://ift.tt/sKdmcJt
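
The "show original" check mentioned in the post can be done systematically on the raw headers. The following is an added example, not part of the original post: it compares the visible From domain with the Return-Path and Reply-To domains and reads the receiving server's SPF/DKIM/DMARC verdicts. The sample headers and all domains are constructed placeholders, and `check_headers` is a hypothetical helper name.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers (not from the incident); domains are placeholders.
RAW = """\
Return-Path: <billing@mailer.example.net>
Authentication-Results: mx.example.org;
 spf=pass smtp.mailfrom=mailer.example.net;
 dkim=none;
 dmarc=fail header.from=company.example
From: "Company Srl" <info@company.example>
Reply-To: payments@company-example.example
To: client@example.org
Subject: Second installment - bank details

Please use the account below.
"""

def domain(header_value):
    """Return the lowercase domain of the address in a header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def check_headers(raw):
    """Compare the visible From domain with the other sender-related headers."""
    msg = message_from_string(raw)
    from_dom = domain(msg["From"])
    findings = []
    # A mismatch is a lead to investigate, not proof: bulk-mail services
    # legitimately use their own Return-Path domain.
    for name in ("Return-Path", "Reply-To"):
        dom = domain(msg[name])
        if dom and dom != from_dom:
            findings.append(f"{name} domain {dom} differs from From domain {from_dom}")
    # Authentication-Results is added by the receiving server (e.g. Gmail).
    results = " ".join(msg.get_all("Authentication-Results") or [])
    for mech, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", results):
        if verdict.lower() != "pass":
            findings.append(f"{mech} result is {verdict}")
    return from_dom, findings

if __name__ == "__main__":
    from_dom, findings = check_headers(RAW)
    print("Visible From domain:", from_dom)
    for f in findings:
        print(" -", f)
```

To use it on a real message, paste the full text from Gmail's "show original" view in place of `RAW`.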
