Huge losses as fraudsters intercept e-mails
E-mails from a financial services provider advising its clients on tax savings by bolstering their retirement policies or tax-free savings were intercepted, says John Mc Loughlin, CEO of J2 Software.
Fraudsters have once again swindled unsuspecting clients out of their life savings. They managed to intercept e-mails from a financial services provider to its clients, advising them on tax savings by bolstering their retirement policies or tax-free savings. This is according to cyber security specialist and J2 Software CEO John Mc Loughlin.
The fraudsters intercepted the e-mail and responded on behalf of the client, asking for confirmation on what had been put into retirement savings and also what was still possible. The financial advisors then responded and provided a breakdown of the current tax year investments and what the client was allowed to contribute before the end of the tax year.
He says the financial advisor e-mailed the requested information and documentation to the client's e-mail address. "The documentation contained the customer information and details of the investment to be paid via EFT and also included the business's bank details."
Having received the signed document as well as the proof of payment from the client's e-mail address, the financial advisor assumed all was in order. This was then sent for processing, as they waited for the investment to clear in their bank account.
Several days later, the deposit had not been cleared and they contacted the client. The client obviously co-operated and then sent the proof of payment to the financial advisor, but this didn't match the one they had received days before.
"This is when we began our investigation on their behalf. From the evidence in front of them, it now appeared that a trusted insider working within their business had given the client the incorrect bank details in order to commit fraud," he explains.
Mc Loughlin says the client had seen an e-mail with documents that were nearly identical, except that the bank details were different. "Upon investigation, the client had received the changed documents from a free e-mail service, which was a fake account using mail.com and a derivative we have seen before; they use a free e-mail service with the domain consultant.com.
"It became clear that the client had their e-mail account compromised, and it was not a malicious insider at the financial advisor, as initially thought. This compromise happens because people never change their e-mail passwords. Compromised passwords allow cyber criminals to access their e-mail accounts. They don't need to do anything except wait for the right e-mail to arrive," he warns.
In this case, the attackers intercepted the e-mails from the financial services company before the client saw them. They then created a cloned e-mail address on a free e-mail service and sent the altered documents to complete the fraud.
"The reason the attacker would have then sent fake proof of payment was to delay the business from following up. This delay gave the attacker enough time to empty the fake bank account of over R300 000. This client now has lost a large amount of money, which was destined to be a retirement saving," he concludes.