"Another way criminals glean information to perpetuate this crime is through phishing attacks, where users are sent e-mails containing malicious links and are then manipulated into clicking on them to install malware," said Van der Merwe.
"This malware is designed to access the network and monitor mailboxes to enable criminals to learn about payment patterns, who the role players are and to understand individual communication styles, including typically used words or phrases," she said.
"This is to ensure that when a criminal impersonates the person issuing the directive to make a payment, it comes off as authentic and does not arouse any suspicion."
"Money mules" then remove the funds from the "beneficiary" account, making it too late to correct the payment when victims realise they have been defrauded.
"We urge staff to be vigilant about checking a sender's e-mail address very carefully should they receive an e-mail instructing them to make a payment. Often, the address will only differ by one or two characters," said Potgieter.
Sabric advised that companies put in place robust policies and procedures with inherent checks and balances, as well as educating staff about fraud risks.
Beware of this scam by criminals who steal money by simply asking for it
Image: 123RF/Ian Allenden
The SA Banking Risk Information Centre (Sabric) is warning bank customers about a new scam in which criminals "steal money by asking for it".
The scam, referred to as "business e-mail compromise" has been flagged by the US Federal Bureau of Investigations (FBI) and in the Mimecast "State of E-mail Security Report" as concerning - citing an increase in organisations affected by impersonation attacks.
"This scam targets specific employees in organisations who are authorised to transfer funds or make payments," said Sabric spokesperson Louise van der Merwe, who noted that South African incidents were in line with the global trend.
"Digital technology, combined with social engineering which exploits our human tendency to be compliant when faced with a directive from an authority figure, enables criminals to perpetuate this type of crime," said Sabric acting CEO Susan Potgieter.
Criminals use information from company websites and other digital platforms to impersonate CEOs, financial directors and senior individuals before targeting junior employees with e-mails requesting urgent payments to specific beneficiaries.
Department moves against alleged scam
"Another way criminals glean information to perpetuate this crime is through phishing attacks, where users are sent e-mails containing malicious links and are then manipulated into clicking on them to install malware," said Van der Merwe.
"This malware is designed to access the network and monitor mailboxes to enable criminals to learn about payment patterns, who the role players are and to understand individual communication styles, including typically used words or phrases," she said.
"This is to ensure that when a criminal impersonates the person issuing the directive to make a payment, it comes off as authentic and does not arouse any suspicion."
"Money mules" then remove the funds from the "beneficiary" account, making it too late to correct the payment when victims realise they have been defrauded.
"We urge staff to be vigilant about checking a sender's e-mail address very carefully should they receive an e-mail instructing them to make a payment. Often, the address will only differ by one or two characters," said Potgieter.
Sabric advised that companies put in place robust policies and procedures with inherent checks and balances, as well as educating staff about fraud risks.
WATCH | EL man, 83, scammed at ATM
Sabric offered the following safety tips:
Phishing
E-mail spoofing
Business e-mail compromise
Would you like to comment on this article?
Register (it's quick and free) or sign in now.
Please read our Comment Policy before commenting.
Trending Now
Latest Videos