South African non-profit job creator nailed in R600,000 cyber attack — could shut down

  • The Big Issue, which supports about 120 vendors across the Western Cape, faces possible closure.
  • The job creation project was scammed out of R600,000.
  • Police are investigating but Derek Carelse, managing director of The Big Issue says it is not clear if the money will be recovered.
  • Meanwhile The Big Issue is relying on donors to make up the money lost and keep the project going.

The Big Issue may have to close early next year if enough money doesn’t come in to cover the R600,000 lost in a cyber scam.

“If we don’t get funds from the public now, it will kill us,” says Derek Carelse, managing director of The Big Issue. The Big Issue now hopes to raise enough money through donations to recover the R600,000 and cover operational costs.

On 6 June, The Big Issue received an email purporting to come from their printers, saying the printers were changing their bank account and sharing an FNB account verification letter, which was fake. Over the next three months, R600,000 was paid into this fraudulent account from The Big Issue’s Standard Bank account.

The error was discovered on 6 October. By then it was too late.

“It’s a very simple thing. They imitate the person and the look and feel of the email coming from someone, but it’s not actually coming from them,” says Carelse.

Leon Hannibal is the head of investigations at Wolfpack Risk, the cyber security firm conducting an investigation for The Big Issue pro bono. “This was clearly a case of business email compromise,” says Hannibal. He says from the emails it is clear this was a “targeted attack”. How the fraudsters got login access to the email accounts of The Big Issue and the printers is not clear.

Looking at the attacker’s emails, Hannibal says there are “clues” that make them suspect:

  • The email address isn’t that of the printers;
  • On the bank verification letter sent to The Big Issue by the scammers, there is a reference number that supposedly can be verified with the bank. But this reference number is false.

Hannibal says phishing emails are very frequent and this is one of the most common ways people lose money. According to a Surfshark report, South Africa is the fifth most susceptible country to cybercrime in the world. “We’re very technically advanced but the average person is not very technically savvy,” Hannibal says.

He says the best protection against these attacks is the 2 Factor Authentication (2FA). With 2FA, a second layer of security is created, by requiring a second device to authenticate a login. For example, a unique authentication code (or token) is sent to your cellphone when you try to log in.

The Big Issue is battling to survive after scammers robbed it of R600,000. Photos: Ashraf Hendricks/GroundUp

The bank

Carelse says that both FNB and Standard Bank have investigated the fraud, but the money has already been withdrawn from the scammers’ account.

In order to open a bank account today, Financial Intelligence Centre Act (FICA) requirements need to be met. This includes an ID number and proof of address.

But Roshan Jelal, Head of Fraud at FNB, says accounts which are opened legally can later be used for “nefarious purposes”.

“Fraudsters use stolen or synthetic identities to open bank accounts, or syndicates employ the services of mules who are properly authenticated and verified, and these can delay the detection and closing down of fraudulent accounts.”

Carelse says The Big Issue had opened a case with the police.

FNB would share relevant information with the police, said Jelal.

Hannibal thinks that banks should be more proactive and that they should be tracing where the money went when it was withdrawn from the fake account. “Was it transferred into another account?” He says that there has to be a paper trail.

“This is not an anonymous bitcoin wallet. It’s a South African bank account,” he says. Banks should have more control over sums of this size, he says.

The cover of The Big Issue’s November issue is dedicated to the scam. It has a bright yellow cover with a big black eye in the centre and the words “DIGITAL CRIME ALERT!” written in bold. The magazine used the scam as a public service announcement. “People really need to know how this thing works. So many people have fallen for this”, says Carelse.

The Big Issue was first launched in 1991 in the UK. The first South African issue appeared in 1996. “We’re essentially a job creation project,” says Carelse.

There are about 120 vendors across the Western Cape, selling “The Big Issue” and the “Little Issue”, a literacy magazine for young learners. The magazine costs R30 and half goes to the vendor. The organisation also runs workshops for skills development such as sewing, supports vendors by helping their children through school and fixing their homes, and also offers health support by bringing doctors to the offices.

Carelse says it’s not clear if they’ll receive their money back. The cost of operations at The Big Issue is around R3.5-million a year.

By  for GroundUp. Republished under CC BY-ND 4.0.

Now read: Investment company ordered to pay over R800,000 after client’s email hacked

Latest news

Partner Content

Show comments


Share this article
South African non-profit job creator nailed in R600,000 cyber attack — could shut down