© YAKOBCHUK VIACHESLAV | Shutterstock.com



At the end of 2017, several VDMA member companies independently reported fraudulent activities involving fake bank account details in offers to international customers. There is cause for concern.

By Steffen Zimmermann

© Lagarto Film | Shutterstock.comCyber criminals change E-Mail addresses in offers and swap account details in PDF files to get customers to transfer down payments for machinery to other accounts. VDMA understands that the damage incurred amount to hundreds of thousands per case. And the fraudsters are still active. In all cases, the perpetrators succeeded in hacking E-Mail communications. Their goal is to tamper with the bank account details used for down payments, so that the payments are made to other accounts. The customer of one mechanical engineering company incurred substantial financial damage, not to mention the resulting heavy strain on the business relationship. A company from North Rhine-Westphalia reports that a fraud like this cost them both more than 400,000 euros in down payment and the customer itself.

E-Mail accounts hacked

It can be assumed that the cyber criminals used illegal methods to gain access to one of the mechanical engineering company's E-Mail accounts. This enabled them to read the E-Mails of the affected account over a longer period without being noticed, acting only when they found a promising offer in the inbox. The mechanical engineering company then received an E-Mail, they thought from the customer, informing them of a changed E-Mail address. A similar notice will have been sent to the customer. From this moment on, all communication passed through the hacker.

This type of attack is also known as a man-in-the-middle attack. In most cases, only a single letter is changed in the fake E-Mail address, while the sender's name displayed in Outlook remains the same, as was the case in this instance. This enabled the hacker to tamper with PDF files without being noticed and thus cause the customer to transfer the down payment to the wrong account.

Fraudulent activities should always be reported to the authorities, as this is the only way to prevent other companies from falling prey to these attacks. In Germany for example, all State Criminal Police Offices (LKA) have a department for reporting cyber crime. In Austria, these activities can be reported to the Federal Criminal Police Office. In the cases described above, the LKAs and the companies affected worked together to crack down on the attackers - albeit without any success so far.

Direct phone contact for payments

When sending offers via E-Mail, VDMA recommends always keeping an eye on the business partner's E-Mail address instead of simply checking the sender's display name. Companies should also ensure that their employees and customers know that changes to E-Mail addresses should always be questioned. Alarm bells should ring if sudden changes are made to account details in ongoing communication. If possible, the bank details should be verified directly by phone before any payment is made. From a technical perspective, it is also possible to use password-protected PDF files and transmit the password via phone. Member companies that are interested in taking out insurance against cyber crime can contact Thomas Völker from VSMA, the insurance broking company for the mechanical and plant engineering industry.

Further Information

VDMA Competence Center Industrial Security   |   VDMA Software and Digitalization   |   VDMAimpulse 02-2018: "Industrie 4.0 - Secure digital identities create trust"   |   State and Federal Criminal Police Offices Germany   |   Federal Criminal Police Office Austria

Steffen Zimmermann, Head of VDMA Competence Center Industrial Security.

Related sections