Cape Town – Scammer and hackers are widening their techniques in manipulating and defrauding vulnerable people each day.
Private investigator Willem van Romburgh said fraud through email spoofing and phishing is costing South African business owners millions daily.
“Most perpetrators are professional scammers and extremely difficult to catch. Even when they are successfully traced, recovering the money is close to impossible. Investigations have revealed that bank employees often simply don’t care and shockingly, in some instances, their employees are in on the scams,” Van Romburgh said.
The South African Banking Risk Information Centre’s (Sabric) chief executive Nischal Mewalall said criminals are opportunistic and will exploit any situation to make money.
“Criminals do this in several ways, one of which is through phishing emails that request that users click on a link in the email which directs them to a spoofed website. The spoofed website looks like a legitimate online retailer complete with beautiful images and enticing taglines. Criminals use these bogus websites to harvest bank card details which they then use to make online purchases on the victim’s account. Even if a purchase is made and the transaction goes through, it could still be a scam. If a deal seems too good to be true, it most probably is.
“Another way that criminals are defrauding people is via email spoofing or spoofed websites. This is where they get to steal personal or confidential information. A criminal may use this information to contact the victim telephonically and gain their trust so that the victim willingly divulges any information requested. This information is then used to defraud the victim. This tactic is known as social engineering which exploits human psychology, as criminals know that the weakest link in the security chain is a human,” Mewalall said.
A victim of this fraud, who wished to remain anonymous, said he was in utter disbelief when he realised what had happened.
“We did business with two individuals who we know. We only do business with them once, maybe twice a year. When they emailed us the invoices from the email address that we have for their business, the account numbers were different from those we had on our beneficiary list, but it was not suspicious that it changed because it changed in the past as well. We made the payment, and the people did not receive the money. The bank called us with one of the transactions to say that the transaction has been flagged. But then the bank just proceeded with the transaction. We lost about R300 000 in these two deals.
“Unfortunately, I only realised later that they ’spoofed’ the mail, and changed the banking details before it reached us. My word of advice would be If the banking details on the invoice is not the same as you have on your beneficiary list, don't pay it. Call the person you know on the number you know and not the number on the invoice,” said the victim.
Mewalall said companies were introducing robotics and machine learning to identify transactions that may be committed by a fraudster on your account.
“We are also raising concerns of these crimes and introducing smarter, more efficient procedures to authenticate customers, as well as actively assisting the SAPS in identifying, investigating and arresting the fraudsters who are committing these crimes,” said Mewalall.