The South African Banking Risk Information Centre (SABRIC) is warning people about a scam known as “Business Email Compromise”.
The Business Email Compromise scam targets specific employees in organisations who are authorised to transfer funds or make payments.
According to SABRIC, criminals literally “steal money by asking for it” through this scam. Here is how it works:
- Criminals use information obtained from company websites or other digital platforms to get the details of CEOs, financial directors and other key senior individuals.
- They then impersonate these individuals by sending electronic requests via email or text message to junior staff in the accounting or finance function requesting that an urgent payment be made to a specific beneficiary.
- The staff members then pay money into the new beneficiary’s account, which is actually an account which is part of the criminal network.
- By the time the employee realises that funds have been paid into the incorrect account, it is too late as criminals use accounts belonging to “money mules”.
Criminals also use phishing attacks, where users are sent emails containing malicious links and are then manipulated into clicking on them to install malware.
This malware is designed to access the victim’s network and monitor mailboxes to enable criminals to learn about payment patterns, who the role players are, and to understand individual communication styles.
This is to ensure that when a criminal impersonates the person issuing the directive to make a payment, it comes off as authentic and does not arouse any suspicion.
Criminals will also utilise email spoofing software and similar email domains to trick the recipient into thinking that an email containing a payment instruction is from the usual authoriser.
Protecting against this scam
The SABRIC said organisations must ensure that they have multi-tiered risk mitigation strategies to prevent Business Email Compromise attacks.
These should include intrusion detection, penetration tests, and firewalls; robust policies and procedures with inherent checks and balances; and education and awareness for staff.
“We urge staff to be vigilant about checking a sender's email address very carefully should they receive an email instructing them to make a payment,” the organisation said.
SABRIC said the fraudulent address will often differ from the genuine one by only one or two characters; staff who spot that difference can save the company a lot of money.
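The two tricks SABRIC describes, a sender domain one or two characters off the real one and a spoofed From header whose replies go elsewhere, can be checked mechanically before a payment instruction is acted on. The script below is an added example written for this page, not SABRIC's own tooling: it parses a message, measures the edit distance between the From domain and a list of approved sender domains, and flags a Reply-To that points at a different domain. The domain names, addresses and sample messages are constructed for the example.

```python
import email
from email.utils import parseaddr

# Hypothetical list of domains the organisation treats as legitimate senders
# of payment instructions (assumed names, not from the SABRIC notice).
LEGITIMATE_DOMAINS = {"example-corp.co.za", "example-corp.com"}


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert, delete, substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete a character of a
                           cur[j - 1] + 1,             # insert a character into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def domain_of(header_value) -> str:
    """Return the lowercase domain part of an address header, or '' if none."""
    _, addr = parseaddr(header_value or "")
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def assess_sender(raw_message: str, max_distance: int = 2) -> dict:
    """Flag lookalike From domains and Reply-To mismatches in one email."""
    msg = email.message_from_string(raw_message)
    from_domain = domain_of(msg.get("From"))
    reply_domain = domain_of(msg.get("Reply-To"))
    findings = []

    if from_domain not in LEGITIMATE_DOMAINS:
        findings.append(f"From domain {from_domain!r} is not an approved sender")
        # A near miss (one or two edits from a real domain) is the
        # lookalike-domain trick the notice describes.
        closest = min(LEGITIMATE_DOMAINS, key=lambda d: levenshtein(from_domain, d))
        distance = levenshtein(from_domain, closest)
        if 0 < distance <= max_distance:
            findings.append(
                f"{from_domain!r} is {distance} edit(s) away from {closest!r} (lookalike)")

    # A genuine-looking From with replies routed elsewhere is the spoofing case:
    # the display name and From look right, but the criminal receives the reply.
    if reply_domain and reply_domain != from_domain:
        findings.append(
            f"Reply-To domain {reply_domain!r} differs from From domain {from_domain!r}")

    return {"from_domain": from_domain, "reply_to_domain": reply_domain,
            "findings": findings, "suspicious": bool(findings)}


# Constructed sample messages (not real mail).
GENUINE = """From: Jane Smith <jane.smith@example-corp.co.za>
To: payments@example-corp.co.za
Subject: Supplier payment

Please process the attached invoice by Friday.
"""

LOOKALIKE = """From: Jane Smith <jane.smith@example-c0rp.co.za>
To: payments@example-corp.co.za
Subject: URGENT payment

Pay the new beneficiary today; I am in a meeting, do not call.
"""

SPOOFED_REPLY_TO = """From: Jane Smith <jane.smith@example-corp.co.za>
Reply-To: jane.smith.cfo@mail-relay-example.net
To: payments@example-corp.co.za
Subject: Beneficiary change

Our supplier has changed bank details, please update before the next run.
"""

if __name__ == "__main__":
    for name, raw in [("genuine", GENUINE), ("lookalike", LOOKALIKE),
                      ("spoofed reply-to", SPOOFED_REPLY_TO)]:
        result = assess_sender(raw)
        print(name, "->", "SUSPICIOUS" if result["suspicious"] else "ok")
        for finding in result["findings"]:
            print("   ", finding)
```

The edit-distance check is a heuristic that catches the "one or two characters" case SABRIC describes; a completely different domain is still reported simply as not approved. Neither check proves the From header is genuine, since a spoofed header can carry the real domain, so it complements rather than replaces the procedural controls below (questioning urgent instructions and verifying beneficiary changes through a known channel).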
Here are a few basic rules to protect against Business Email Compromise scams.
- Never list your main email address publicly anywhere online – in forums, in online advertisements, on blogs, social media or any place where it can be harvested by spammers.
- Use a separate email address for the internet which is not linked to your personal or business email account.
- Any unplanned or urgent payment instructions should be questioned. Always check with the person issuing the directive in-person or via a credible channel – preferably one where you can see them.
- Any requests for a change in beneficiary account details should be verified by contacting the sender using normal, legitimate historically sound contact details.