Beware the BEC scam: How one man lost R3 million he was planning to invest

Stephen Grootes gets all the details from consumer ninja Wendy Knowler on The Money Show.

On this week's edition of The Money Show, Wendy Knowler puts the spotlight back on the form of cybercrime known as business email compromise (BEC).

Despite all the warnings it’s more prevalent than ever, she says, and people are losing huge amounts of money.

RELATED:

• BEC scam: Top court rules property buyer liable for R5.5m loss, NOT law firm
• BEC scam warning: If you send invoices via email for payment, TRIPLE check the banking details

In a recent case, a man who lives in a Western Cape village, was scammed out of R3 million.

"In a nutshell, what happens is that fraudsters hack into email servers and intercept emails from a service provider to a client, asking for payment by means of an attached invoice."

Wendy Knowler, Consumer Journalist

"Unbeknownst to the payer, a fraudster has intercepted the email, removed the company’s banking details and added theirs, so the client pays the fraudster instead of the company that is owed their money."

Wendy Knowler, Consumer Journalist

'Malcolm' reached out to Knowler after his planned investment of the proceeds from a property sale with Allan Gray went horribly wrong.

After discussing it on the phone, he began exchanging emails with the investment management firm.

What this client found out later was that his email server had been hacked.

"The fraudster inserted himself, using an email address very slightly different from that of Malcolm’s financial advisor – so close he didn’t notice."

Wendy Knowler, Consumer Journalist

"And that’s how Malcolm came to deposit R3 million into a fraudster’s account instead of that of Allan Gray."

Wendy Knowler, Consumer Journalist

Knowler's first piece of advice to protect yourself against BEC is to NEVER give or receive banking details in an email without a prior phone call or other means of communication.

She says some companies go as far as to advise staff: 'Have a face to face consultation with the client (or any ther person making payment) and exchange banking information at that meeting.'

Other safety precautions:

• Make sure your PC or laptop has the most up-to-date OS updates and antivirus/malware software.
• Enable MFA (multi factor authentification) on all email and bank accounts to add an extra layer of security.

• Use unique, strong passwords on your email account.
• If you receive a suspicious or urgent email asking for a payment, account change, or sensitive information, never use the contact information in the email. Instead, contact the sender directly via a known phone number or another trusted channel.
• Always check the sender's full email address carefully for any discrepancies in spelling, as cybercriminals often use domain names that closely resemble legitimate ones.

For more detail, listen to the interview audio at the top of the article