During 2024 no less than five of our customers lost significant amounts of money as a result of email intercept fraud - and they are not alone. (Tredger, 2024a; ABC 10 News, 2020a)
Email intercept fraud are on the rise throughout South Africa (Tredger, 2024a) and the United States (ABC 10 News, 2020a).
In 2024 Aonβs first Cyber Risk Survey for South Africa, concluded that 22% of participating companies have suffered a cyber incident in the past five years, the majority of which (that is 67%) deployed a cyber risk management tool. (Tredger, 2024a)
How an email intercept scam works
First, the hackers will break into your email account.
They will then watch your account for incoming invoices from legitimate service providers like your doctor, plummer, etc.
When an invoice arrives, they will copy, screenshot or forward the email before deleting it.
They will then set up a temporary fake email address that looks almost identical to the one that originally sent the invoice.
They will amend the banking details on the invoice and send it to you for payment.
Good advice based on years of experience
The following advice is extremely important, because your bank will not cover (or subsidize) your ignorance.
β Stay away from domain name email addresses hosted by your local ISP. While they may offer decent security - it will never be as good as those offered by Gmail and Outlook.com. These services will not only block suspicious logins automatically, but also allow you to review the login history of your account in the event of litigation.
π¨βπ» Get a professional to set up your email accounts. Most IT guys will fail to secure your emails (ABC 10 News, 2020a) with multi-factor authentication (Ripon, n.d) and transport layer security, simply because it is tedious to configure and document. See, Email Server Settings.
π Update your email and antivirus software. (Ripon, n.d)
β Never pay large amounts of money to anyone without verifying their banking details. (ABC 10 News, 2020a) And, for heaven's sake, do not email them to verify their banking details. The only answer you will receive is from the hackers themselves. Once verified, perform a small and insignificant transfer. Check whether they received the payment. Once confirmed, add them as a beneficiary and transfer the rest of the money.
References
- ABC 10 News (2020a, February 25) Couple wires $800,000 home down payment to scammer [YouTube] Retrieved from https://www.youtube.com/watch?v=GZatBMO7TMg
- Ripon, R. (n.d) 15+ Must-Follow Email Security Best Practices to Prevent Potential Email Threats [fluentSMTP] Retrieved from https://fluentsmtp.com/email-security-best-practices/
- Tredger, C. (2024a, January 29) E-mail interception fraud on the rise in South Africa [ITWeb] Retrieved from https://www.itweb.co.za/article/e-mail-interception-fraud-on-the-rise-in-south-africa/JBwErvn3p5476Db2
- Wikipedia (n.d.a) Email fraud. Retrieved from https://en.wikipedia.org/wiki/Email_fraud
For more information, simply run a Bing, DuckDuckGo or Google search.