Cybercrime: Is that email really from your boss? | Fin24

Oct 08 2018 13:14

While consumers have become more familiar with phishing scams where generic emails are sent out to lots of people, it might be trickier to spot so-called CEO or CFO fraud and email spoofing, cautions the SA Banking Risk Information Centre (Sabric).

In its latest Digital Banking Crime Statistics report, Sabric warns that digital technology has provided new ways for criminals to commit digital banking crimes – in fact, more than half (55%) of crime-related gross losses reported to Sabric occur online.

'Gross losses' is a term used in the banking industry to refer to the total loss to the consumer as well as the bank. It therefore includes instances where the bank has refunded the client.

Email spoofing

Email spoofing is basically a "change of bank details scam".

It is where an unsuspecting person receives an email informing them that a supplier is changing their bank account details. The correspondence usually includes the details of the new account.

The details are, of course, fraudulent, and the victim unwittingly pays the fraudster and not the supplier.

CEO fraud

CEO/CFO fraud is a "niche" type of email spoofing, where a cybercriminal pretends to be the chief executive officer (CEO), chief financial officer (CFO) or other senior executive from the victim's organisation.

Before targeting you, cyber criminals would have researched as much as possible about co-workers on sites like LinkedIn, Facebook, or Twitter – to determine who works in the finance department.

Instead of sending a generic email to millions of people, they send a custom email, that looks very realistic, to target a select number of people.

The victim is given a fraudulent instruction to supply information, make a payment or re-direct a pending payment into the fraudster’s bank account.

Sabric tips to protect against email spoofing:

  • Constantly have your spam filters enhanced.
  • Never click on unfamiliar links or download unfamiliar attachments.
  • Delete emails from unfamiliar email addresses.
  • Learn to read header information and check the IP address on an email.
  • When acting on an email, check the email address for possible minor changes to the email address.
  • When replying to an email, check that the email address has not changed.
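The header checks in these tips can be scripted. The following is an added example, not part of the Sabric report or the original article: it reads a raw message and flags a sender domain that differs slightly from a known one, a reply address on a different domain, failed SPF/DKIM/DMARC results, and the connecting IP address. The domain list and the sample message are constructed, and it assumes your own mail server writes the Authentication-Results header.

```python
import re
from email import message_from_string
from email.utils import parseaddr

KNOWN_DOMAINS = {"corp.example", "supplier.example"}  # assumption: your real correspondents

# Constructed sample message; every name and address in it is made up.
SAMPLE = """\
Received: from mail.c0rp.example (unknown [203.0.113.45]) by mx.corp.example; Mon, 8 Oct 2018 09:00:01 +0200
Authentication-Results: mx.corp.example; spf=fail smtp.mailfrom=c0rp.example; dkim=none; dmarc=fail
From: "Chief Financial Officer" <cfo@c0rp.example>
Reply-To: cfo.office@freemail.example
To: accounts@corp.example
Subject: Payment instruction

(body omitted)
"""

def domain_of(header_value):
    """Lower-cased domain of the address in a From/Reply-To header ('' if absent)."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def edit_distance(a, b):
    """Levenshtein distance, used to spot one- or two-character domain changes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_message(raw, known=KNOWN_DOMAINS):
    """Return {'origin_ip': str or None, 'warnings': [str, ...]} for one raw message."""
    msg = message_from_string(raw)
    warnings = []
    from_dom, reply_dom = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    if from_dom not in known:
        near = sorted(k for k in known if edit_distance(from_dom, k) <= 2)
        warnings.append(f"sender domain {from_dom} resembles {near[0]}" if near
                        else f"sender domain {from_dom} is unfamiliar")
    if reply_dom and reply_dom != from_dom:
        warnings.append(f"replies would go to {reply_dom}, not {from_dom}")
    auth = " ".join(msg.get_all("Authentication-Results") or []).lower()
    warnings += [f"{m} did not pass" for m in ("spf", "dkim", "dmarc") if f"{m}=pass" not in auth]
    # Received lines are prepended per hop, so the last one is the earliest hop.
    # Only the line written by your own mail server is trustworthy; older ones can be forged.
    hops = msg.get_all("Received") or []
    ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", hops[-1]) if hops else None
    return {"origin_ip": ip.group(1) if ip else None, "warnings": warnings}

if __name__ == "__main__":
    print(check_message(SAMPLE))
```

A message with no warnings is not proof that it is genuine: a compromised supplier mailbox passes all of these checks, so a change of bank details still needs confirming through a separate channel.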
