Cybercrime: Is that email really from your boss?


While consumers have become more familiar with phishing scams where generic emails are sent out to lots of people, it might be trickier to spot so-called CEO or CFO fraud and email spoofing, cautions the SA Banking Risk Information Centre (Sabric).

In its latest Digital Banking Crime Statistics report, Sabric warns that digital technology has provided new ways for criminals to commit digital banking crimes – in fact, more than half (55%) of crime-related gross losses reported to Sabric occur online.

'Gross losses' is a term used in the banking industry to refer to the total loss to the consumer as well as the bank. It therefore includes instances where the bank has refunded the client.

Email spoofing

Email spoofing is basically a "change of bank details scam".

It is where an unsuspecting person receives an email informing them that a supplier is changing their bank account details. The correspondence usually includes the details of the new account.

The details are, of course, fraudulent, and the victim unwittingly pays the fraudster and not the supplier.

CEO fraud

CEO/CFO fraud is a "niche" type of email spoofing, where a cybercriminal pretends to be the chief executive officer (CEO), chief financial officer (CFO) or other senior executive from the victim's organisation.

Before targeting you, cybercriminals would have researched as much as possible about co-workers on sites like LinkedIn, Facebook or Twitter to determine who works in the finance department.

Instead of sending a generic email to millions of people, they send a custom, very realistic-looking email to a select number of people.

The victim is given a fraudulent instruction to supply information, make a payment or re-direct a pending payment into the fraudster’s bank account.

Sabric tips to protect against email spoofing:

  • Constantly have your spam filters enhanced.
  • Never click on unfamiliar links or download unfamiliar attachments.
  • Delete emails from unfamiliar email addresses.
  • Learn to read header information and check the IP address on an email.
  • When acting on an email, check the sender's email address for possible minor changes.
  • When replying to an email, check that the email address has not changed.
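
A small header check covering three of the tips above (read the headers, find the relay IP, spot small changes to the sender or reply address), as an added example that is not part of the original article. The sample message, its domains and IP, the function names and the 0.85 similarity threshold are all constructed assumptions.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; every name, domain and IP here is made up.
SAMPLE = """\
Received: from mail.freemail.example (mail.freemail.example [203.0.113.45])
\tby mx.victim.example with ESMTP; Mon, 01 Jan 2024 09:00:00 +0200
From: "Supplier Accounts" <accounts@supp1ier.example>
Reply-To: accounts.supplier@freemail.example
To: finance@victim.example
Subject: Change of bank details

Please use our new account for all future payments.
"""

def domain(header_value):
    """Lower-cased domain part of an address header, or '' if absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def check_message(raw, known_domains, threshold=0.85):
    """Return (findings, relay_ips) for one raw email message."""
    msg = message_from_string(raw)
    sender, reply_to = domain(msg["From"]), domain(msg["Reply-To"])
    findings = []
    # Replies would go somewhere other than the apparent sender.
    if reply_to and reply_to != sender:
        findings.append(f"Reply-To domain {reply_to} differs from From domain {sender}")
    # Sender domain is almost, but not exactly, a domain you normally deal with.
    for known in known_domains:
        ratio = SequenceMatcher(None, sender, known).ratio()
        if sender != known and ratio >= threshold:
            findings.append(f"From domain {sender} resembles {known}")
    # IPs recorded in Received headers, newest hop first. Only hops added by
    # your own mail servers are trustworthy; earlier ones can be forged.
    ips = []
    for hop in msg.get_all("Received", []):
        ips += re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", hop)
    return findings, ips

if __name__ == "__main__":
    findings, ips = check_message(SAMPLE, ["supplier.example"])
    for line in findings:
        print("WARNING:", line)
    print("Relay IPs:", ips)
```

A clean result only means these particular checks found nothing; a change of bank details should still be confirmed with the supplier through a contact you already have on file.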
