Email fraud has become one of the most damaging crimes facing South African companies; and it's on the rise.
Business email compromise has become one of the most damaging crimes facing South African companies. It’s nothing new, but according to several companies The Citizen has spoken to, it is prolific.
Chad Thomas of IRS Forensic Investigations said the method is simple but destructive.
“Emails are intercepted, invoices are altered and the banking details are changed. Victims pay in good faith and only later discover that the money has gone into the hands of fraudsters,” he said.
The scam relies on cloned invoices and look-alike email addresses. In many cases, only a single letter or digit is different from the legitimate address. “For all intents and purposes, it looks correct, but it isn’t,” Thomas said.
No company immune to email fraud
No company has been immune thus far. Mines, cement factories, hospitality. In fact, any business that has customers paying on invoice can be at risk. So too, are the people settling the bills.
Hotelier Paul Nissen, owner of Elizabeth Lodge on the East Rand has seen both sides of the fraud.
“We were not paid, and when I queried it the company showed me proof of payment. But the banking details were wrong. We never sent our details by email. Our invoices had been intercepted and altered, and the money was gone,” he said.
Nissen said his business has lost between R11 000 and R20 000 in a single instance.
“We once avoided losing over R100 000 when I paid a test amount of R200 to a supplier first. That test payment went into a fraudulent account. We lost the R200 but we saved the hundred thousand that was due on the invoice,” he said.
ALSO READ: Dean Visagie: The master of deception
To reduce risk, Elizabeth Lodge no longer places bank details on invoices.
“We give account numbers verbally or on WhatsApp, and the client must confirm the last three digits of their bank account back to us. At least that way we know the payment will be correct,” Nissen said.
Syndicates use mule accounts
Thomas said syndicates are aided by what are known as mule accounts.
“Spotters recruit unemployed people to open accounts. They hand over the card and the PIN for a few hundred rand, and the account is then controlled by the syndicate. Money flows in and is moved within hours to dozens of other accounts. It is how stolen funds are laundered back into the system,” he said.
Standard Bank issued a warning to consumers a few days ago flagging mule accounts as well as other forms of fraud. FNB issued a warning a while back, also noting agentic fraud, where real-sounding AI mimics transactional phone banking.
Nissen said that when his business was first caught by the scam, he later found out that within 15 minutes of the deposit into the mule account, the money had already moved on. He’s also seen other companies in the business community lose big money and says too little is being done to stop it.
“Friends of mine have lost hundreds of thousands. We reported fraudulent bank accounts to the bank. They acknowledged it, but weeks later the same account was used again. That is frightening,” he said.
Banks must flag suspicious accounts
Thomas said banks should be using artificial intelligence to identify suspicious patterns.
“If an account normally used only for Sassa grants, for example, suddenly has large amounts moving in and out, that is a red flag. The systems should pick it up.”
Liability rests with the payer. In a landmark case involving law firm ENS, a client who had paid into a fraudulent account tried to hold the firm liable. The court ruled the same, but an appeal then ruled that the responsibility lies with the person making the payment.
“If they have not verified the account, they carry the loss,” Thomas said. “Double check and triple check. Creditors clerks and debtors clerks must talk to each other. Know your customer, know your provider. The only way to beat this is to make human contact. If you don’t, the syndicates will win.”
NOW READ: Valoworx: Ponzi scheme ‘broke us’, say victims
