Table of contents
- Man-in-the-mail scam: what to know to defend yourself
- How the Man-in-the-mail scam works
- The main targets of the scam: who is most at risk
- Warning signs to recognize the Man-in-the-mail scam
- How to protect yourself: cyber security tips
- The importance of reporting to the postal police
- A threat to e-mail transactions
News pages frequently mention cases of hackers intercepting emails and altering attachments, such as invoices, by modifying the IBAN details.
This is just one example of a common phenomenon known as “Man-in-the-mail” fraud.
In this article, we will explain what the Man-in-the-mail scam is and how to protect yourself from this type of fraud.
Man-in-the-mail scam: what to know to defend yourself
The Man-in-the-mail scam is a fraudulent scheme that exploits email communications to infiltrate business transactions, alter payment details, and trick victims into sending money to hackers instead of the intended recipients.
This type of attack poses a serious threat to businesses and individuals, especially in sectors like corporate transactions and online sales, where email communications and financial transactions are frequent.
In Italy, as in other regions, postal police and cyber security services are warning businesses and private users alike.
The scam is particularly insidious because it is often detected too late, after funds have already been transferred to foreign accounts that are difficult to recover.
Here, we will delve into how this scam works, warning signs to watch for, and security measures to avoid falling victim to this type of fraud.
How the Man-in-the-mail scam works
The Man-in-the-mail scam is a form of Business Email Compromise (BEC): the attacker inserts themselves into the correspondence between companies, individuals and suppliers.
The attacker either takes control of a genuine email account or registers a look-alike address, and uses it to intercept and alter communications. The scam is typically executed in two main ways:
- Corporate email compromise
The hacker gains access to the email account of one of the parties involved in the transaction, for example the supplier's accounts department. After reading the thread to learn the deal, the amounts and the payment dates, they send payment instructions with a different account number, without the legitimate parties noticing.
- Credible fake emails
In some cases the fraudster has no access to the account and instead sends messages from an address that mimics the real one, for example a domain with one character added, dropped or replaced by a look-alike character. Because the rest of the thread reads as genuine, this is often enough to convince the recipient.
The fraud works because the addresses and payment instructions differ only slightly from the originals and are not immediately recognised as suspicious, especially when the company has many payments in progress or has no internal procedure for verifying changes to bank details.
The main targets of the scam: who is most at risk
The preferred victims of the Man-in-the-mail scam are companies that handle a high volume of transactions and communications with clients and suppliers, but private users can also be involved.
Sectors such as logistics, technology, and consulting are often targeted because they frequently handle contracts and orders where email communication is essential.
Small and medium-sized enterprises (SMEs) in regions like Emilia Romagna and other Italian areas are experiencing a rise in such attacks.
For companies with fewer IT security resources, it is easier for fraudsters to insert themselves into digital conversations, identify payment times, and manipulate sensitive information to direct funds into fraudulent accounts.
Warning signs to recognize the Man-in-the-mail scam
It is possible to recognize the Man-in-the-mail scam by paying attention to specific warning signs, such as:
- Sudden changes in payment instructions
Receiving a request to change payment methods or IBAN details mid-transaction is a potential sign of fraud.
- Similar, but not identical, email addresses
Fraudsters often use addresses with slight variations from the originals; check the full sender address, not just the display name, against the one you have on file.
- Urgent or pressuring messages
Requests to transfer funds quickly or under the threat of losing the deal can indicate a fraud attempt.
Recognizing one of these warning signs is essential to identifying the issue in time and taking necessary action before funds are transferred.
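The three warning signs above, together with the look-alike domain trick described under "Credible fake emails", can be turned into an automated check that accounting runs before any payment whose bank details have changed. The Python script below is an added example and is not code from the original article. It parses one raw email, compares the sender domain against a register of trusted supplier domains (exact match, one-character edit, or match after folding look-alike characters such as "rn" for "m" or "0" for "o"), extracts every IBAN in the body, validates it with the standard mod-97 check, compares it with the IBAN on record for that supplier, notes when the new account is in a different country, and looks for pressure wording. The supplier register, the two sample messages, the homoglyph table and the urgency word list are all constructed or assumed for the example.

```python
"""Pre-payment screen for Man-in-the-mail (BEC) warning signs.

Added illustration, not code from the original article. The supplier
register, the sample messages, the homoglyph table and the urgency word
list are constructed or assumed for the example.
"""
import re
from email import message_from_string
from email.utils import parseaddr
from typing import Dict, List, Optional, Tuple

# Constructed: bank details accounting already holds for each trusted supplier domain.
SUPPLIER_REGISTER: Dict[str, Dict[str, str]] = {
    "fornitore-esempio.it": {"iban": "IT60X0542811101000000123456", "country": "IT"},
}

# Assumed look-alike substitutions seen in spoofed domains (digit for letter, "rn" for "m").
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})
URGENCY = re.compile(r"\b(urgent\w*|immediately|today|as soon as possible|final notice)\b", re.I)
IBAN_RE = re.compile(r"\b[A-Z]{2}\d{2}(?: ?[A-Z0-9]{4}){2,7}(?: ?[A-Z0-9]{1,4})?\b")


def normalize_domain(domain: str) -> str:
    """Fold look-alike characters so 'f0rnitore' and 'fornitore' compare equal."""
    return domain.lower().replace("rn", "m").replace("vv", "w").translate(HOMOGLYPHS)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: one added, dropped or changed character costs 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(domain: str, trusted) -> Optional[str]:
    """Return the trusted domain that `domain` imitates, or None if it is trusted or unrelated."""
    if domain in trusted:
        return None
    for real in trusted:
        if normalize_domain(domain) == normalize_domain(real) or edit_distance(domain, real) <= 1:
            return real
    return None


def iban_valid(iban: str) -> bool:
    """ISO 13616 mod-97 check: move the first four characters to the end, map A-Z to 10-35."""
    s = re.sub(r"\s+", "", iban).upper()
    if not re.fullmatch(r"[A-Z]{2}\d{2}[A-Z0-9]{11,30}", s):
        return False
    digits = "".join(str(int(ch, 36)) for ch in s[4:] + s[:4])
    return int(digits) % 97 == 1


def screen_message(raw: str, register=SUPPLIER_REGISTER) -> List[Tuple[str, str]]:
    """Return (code, detail) pairs for every warning sign found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    flags: List[Tuple[str, str]] = []
    _, sender = parseaddr(msg.get("From", ""))
    domain = sender.rpartition("@")[2].lower()
    impersonated = lookalike_of(domain, set(register))
    if impersonated:
        flags.append(("lookalike-domain", f"{domain} imitates {impersonated}"))
    # Compare against the record of the supplier being imitated, not the fake domain.
    record = register.get(impersonated or domain)

    payload = msg.get_payload(decode=True) or b""
    body = payload.decode(msg.get_content_charset() or "utf-8", "replace")
    for found in IBAN_RE.findall(body):
        iban = re.sub(r"\s+", "", found)
        if not iban_valid(iban):
            flags.append(("iban-invalid", f"{iban} fails the mod-97 check"))
        elif record and iban != record["iban"]:
            flags.append(("iban-changed", f"{iban} differs from the IBAN on record"))
            if iban[:2] != record["country"]:
                flags.append(("iban-foreign", f"new account is in {iban[:2]}, supplier banks in {record['country']}"))
    hit = URGENCY.search(body)
    if hit:
        flags.append(("urgency", hit.group(0)))
    return flags


# Constructed sample: the fraudster's message ("rn" in place of "m" in the domain).
SAMPLE_MESSAGE = """\
From: Amministrazione <fatture@fornitore-esernpio.it>
To: contabilita@azienda-esempio.it
Subject: Invoice 2024-118 - updated bank details
Content-Type: text/plain; charset=utf-8

Good morning,
our bank account has changed. Please pay invoice 2024-118 urgently to the new
account DE89 3704 0044 0532 0130 00 instead of IT60 X054 2811 1010 0000 0123 456.
Regards
"""

# Constructed sample: a genuine invoice from the real supplier domain.
LEGIT_MESSAGE = """\
From: Amministrazione <fatture@fornitore-esempio.it>
To: contabilita@azienda-esempio.it
Subject: Invoice 2024-117
Content-Type: text/plain; charset=utf-8

Please find attached invoice 2024-117, payable to IT60 X054 2811 1010 0000 0123 456 within 30 days.
"""

if __name__ == "__main__":
    for code, detail in screen_message(SAMPLE_MESSAGE):
        print(f"{code:18} {detail}")
```

Any flag, and in particular "iban-changed", should block the payment until the supplier confirms the new details over a channel that does not come from the suspicious email; the script only surfaces the signs, it does not decide.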
How to protect yourself: cyber security tips
Prevention is the best defense against the Man-in-the-mail scam. Some simple steps can improve email communication security:
- Implement multi-factor authentication
Enable two-factor authentication on email accounts as a first barrier against unauthorized access, so that a stolen password alone is not enough to read and alter correspondence.
- Continuous staff training
Many cyber security scams spread due to a lack of knowledge about digital risks. Regular employee training helps raise awareness of fraud signals.
- Phone confirmation of payment changes
Before changing a supplier's bank details, confirm the request by phone using a number already on file, never one supplied in the email that asks for the change.
- Updated security software
Keeping antivirus, firewall and mail client software up to date reduces the likelihood of malware infections and, with them, of email account compromise.
- Active email monitoring
Set up alerts for suspicious activity, such as logins from unusual locations or password change attempts, so that a compromised account is detected before a payment is diverted.
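The "active email monitoring" item is where a compromise of the kind described under "Corporate email compromise" is usually caught first. The Python below is an added example, not code from the article: it runs over a constructed authentication log for a mail server, flags successful logins from a country outside each account's usual baseline, flags password change attempts that follow such a login within a short window, and, going slightly beyond the text, flags two successful logins from different countries too close together for the same person to have travelled between them. The log format (ISO timestamp, account, source IP, GeoIP country code, event), the per-account baseline and the two-hour window are assumptions.

```python
"""Sign-in anomaly alerts for a mail server's authentication log.

Added illustration, not code from the original article. The log format,
the baseline of usual countries and the time window are assumptions; the
log lines are constructed.
"""
from datetime import datetime, timedelta
from typing import Dict, List, Set, Tuple

# Constructed sample log (assumed format: timestamp account source_ip country event).
SAMPLE_LOG = """\
2024-05-06T08:02:11Z fatture@azienda-esempio.it 93.40.12.5 IT login_ok
2024-05-06T12:47:30Z fatture@azienda-esempio.it 93.40.12.5 IT login_ok
2024-05-06T13:05:02Z fatture@azienda-esempio.it 197.210.44.9 NG login_ok
2024-05-06T13:09:44Z fatture@azienda-esempio.it 197.210.44.9 NG password_change_attempt
2024-05-06T14:30:00Z direzione@azienda-esempio.it 93.40.12.7 IT login_ok
2024-05-06T14:31:15Z direzione@azienda-esempio.it 93.40.12.7 IT login_failed
"""

# Assumption: countries each account normally signs in from, built from past history.
BASELINE: Dict[str, Set[str]] = {
    "fatture@azienda-esempio.it": {"IT"},
    "direzione@azienda-esempio.it": {"IT"},
}
# Assumption: two countries inside this window cannot be the same person travelling.
TRAVEL_WINDOW = timedelta(hours=2)


def parse_line(line: str) -> dict:
    """Split one log line into its five fields and parse the timestamp."""
    ts, user, ip, country, event = line.split()
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "user": user,
        "ip": ip,
        "country": country,
        "event": event,
    }


def detect(log_text: str, baseline=BASELINE, window=TRAVEL_WINDOW) -> List[Tuple[str, str, str]]:
    """Return (alert_code, account, detail) for each anomaly, in log order."""
    alerts: List[Tuple[str, str, str]] = []
    last_login: Dict[str, dict] = {}          # account -> most recent successful login
    new_country_at: Dict[str, datetime] = {}  # account -> time of last out-of-baseline login

    for line in filter(None, log_text.splitlines()):
        e = parse_line(line)
        user, ts = e["user"], e["ts"]

        if e["event"] == "login_ok":
            if e["country"] not in baseline.get(user, set()):
                alerts.append(("new-country-login", user,
                               f"{e['country']} from {e['ip']} at {ts:%H:%M}"))
                new_country_at[user] = ts
            prev = last_login.get(user)
            if prev and prev["country"] != e["country"] and ts - prev["ts"] < window:
                alerts.append(("impossible-travel", user,
                               f"{prev['country']} -> {e['country']} in {ts - prev['ts']}"))
            last_login[user] = e

        elif e["event"] == "password_change_attempt":
            # A password change right after a login from a new country is the
            # attacker locking the owner out; rate it higher than a plain change.
            since = new_country_at.get(user)
            code = ("password-change-after-new-country"
                    if since and ts - since < window else "password-change")
            alerts.append((code, user, f"from {e['ip']} ({e['country']}) at {ts:%H:%M}"))

    return alerts


if __name__ == "__main__":
    for code, user, detail in detect(SAMPLE_LOG):
        print(f"{code:34} {user:30} {detail}")
```

In the sample, the accounts mailbox is used from Italy at 12:47 and from Nigeria at 13:05, then a password change is attempted four minutes later; all three alerts fire for that account, while the director's failed login from the usual country produces nothing. Both the baseline and the window should be tuned to the organisation's real travel and remote-work patterns before the alerts are routed to anyone.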
The importance of reporting to the postal police
Reporting any suspected Man-in-the-mail scam to the postal police is a critical step. This type of report helps authorities track fraud patterns and issue public warnings to protect other users.
In Italy, the postal police are increasing vigilance, and numerous cases in Emilia Romagna have led to the creation of awareness campaigns for businesses and citizens.
Reporting not only initiates an investigation but may also help recover funds through the intervention of IT security specialists.
A threat to e-mail transactions
The Man-in-the-mail scam is a growing threat to the security of financial transactions via e-mail.
Implementing cyber security measures, raising employee awareness, and maintaining active communication with suppliers are essential steps to avoid falling into the trap.
For any suspicion of fraud, promptly contacting the postal police can make the difference in stopping fraudulent activity and protecting your resources.
FAQ
- What is the Man-in-the-mail scam?
It is a fraud that manipulates emails to divert funds from business transactions.
- How does the Man-in-the-mail scam occur?
Hackers intercept emails and alter payment details to steal funds.
- Who is most at risk of the Man-in-the-mail scam?
Companies with frequent transactions, especially in sectors like logistics and technology.
- What are the warning signs of a Man-in-the-mail scam?
Sudden changes in payment details, look-alike sender addresses, and urgent requests.
- How can businesses protect themselves from the Man-in-the-mail scam?
Verify changes to bank details by phone, use two-factor authentication, and keep software updated.
- What role does the postal police play in Man-in-the-mail scams?
The postal police investigate frauds and assist with recovery efforts.
- What should you do if you suspect a Man-in-the-mail scam?
Verify the details with the counterparty and report the incident to the postal police.
- How widespread is the Man-in-the-mail scam in Italy?
It is on the rise, especially in regions like Emilia Romagna and Veneto.
- Why is it difficult to recover funds from a Man-in-the-mail scam?
Funds are often quickly transferred to foreign accounts, making them hard to trace.
- What are the risks for individuals and companies in a Man-in-the-mail scam?
Loss of funds and the compromise of corporate communications and trust.