Online fraud is an increasingly prevalent scourge and consumers need to be much more vigilant in order to protect themselves against the perpetrators. Many of us are confronted on a daily basis with for example:
- Unsolicited emails offering loan finance at unbelievable low rates without any affordability checks [here the fraudster attempts to obtain bank account details or more likely payment of a facilitation fee in advance, after which the loan never materialises];
- Unsolicited emails requesting the consumer to assist with a payment of an inheritance or other million-dollar payments where the fraudster claims to require a bank account to process the payment and promises a share in the proceeds (“the so called “419 scams”, which can usually be recognised by poor spelling and foreign legal terminology – related to these are the scams where the fraudster claims that there is an heir sharing your surname and pretends to be an attorney wanting you to receive the supposed inheritance and asking for your personal details and fees);
- Emails from supposed suppliers, revenue authorities such as SARS and banks attaching an invoice for payment or proof of payment or a statement [here the aim is for you to open the attachment and then click on a link which will install malware on your electronic device, thus allowing the fraudster access to your files and information].
Whilst the first two examples are generally easily identifiable, the other emails require a greater degree of circumspection and the consumer should carefully look at the email address and, if unknown or ending in domain names other than for example .co.za in South Africa or not corresponding to the name of the email in any form, these emails should generally be discarded and marked as junk/spam immediately. For firms it is of utmost importance that all staff know not to open the attachments from these types of emails, which are often .zip files. Since you would normally know from whom to expect an invoice or proof of payment, the first step is thus to examine the email address and compare it to the emails previously received.
Another type of fraud which we have witnessed with clients more recently and which can cause huge damage is a scam where:
- an imposter claims to represent a supplier, having manipulated a genuine invoice/statement from a supplier and simply having changed the banking details thereon. The fraudster is able to obtain confidential information from a supplier, then creates a similar email address and persuades the client to transfer the payment to the “new account”. This scam requires the fraudster to identify a transaction in advance (e.g. in a building project or a property transfer) and then prior to a payment having to be made the fraudster convinces the payee to update the banking details of the supplier or property seller as the case may be. In order to appear legitimate, the fraudster obtains the required info from the supplier and then manipulates the invoice and creates letterheads and bank confirmation letters as supposed validation. Often emails are followed up with telephone calls to put the payee at ease that the change request is legitimate. The account into which payment is then made,is usually that of a person without financial means who is instructed to open an account as the fraudster is allegedly not able to do so for some administrative reason. In return, the account holder is offered a commission for allowing the fraudster to use the account. Once payment is made, the account is cleared immediately and the fraudster obtains the funds from the account holder. In some instances, the “mule” is arrested who opened the account but the money is gone and there is no trace of the fraudster.
- the fraudster obtains your bank account details and a copy of your identification document and then creates a payment instruction to your bank. The bank, acting on the instruction, phones the number provided to confirm the transfer and pays out. The phone number is generally a new number but the bank does not check the number. The email address can be similar to your email address or appear the same when reading the email.
The above scams can lead to substantial funds becoming lost. Whilst the banks may be liable at least in part if one can show that a legal duty rested on them to prevent the perpetration of the fraud, in certain cases, litigation is costly and generally uncertain. The following measures should thus be implemented to lessen the risk of falling victim to such type of fraud:
- Never process a change of bank account request without verifying with the contact person known to you at the supplier or payment recipient that the bank account has been changed, ideally telephonically. In the case of doubt, also check with the bank. Please note that no business will lightly change its bank account and would normally correspond with you timeously and on several occasions beforehand;
- Always send proof of payments to the contact person you have been dealing with in the past, as well as other authorised persons in your company, so that immediate action can be taken if the bank account details or the payment requisition are incorrect;
- Ensure that your electronic devices have updated anti-virus and anti-malware software which can limit the risk of your confidential information and documents from being accessed;
- Ensure that you know if you have given your bank authorisation to effect electronic or telephonic payment requests and obtain confirmation of the security checks in place and your personal information which the bank has on file (in this way, the bank is strictly speaking not allowed to confirm a transaction with a phone number or email address not listed with them).
Disclaimer: Although Hildebrand Attorneys is committed to furnishing reliable and accurate information, this article is intended as a general reference guide only and does not constitute legal advice. Hildebrand Attorneys cannot take any responsibility for the accuracy or currency of the information and if you require particular information you are advised to consult with the article’s author or a qualified legal authority. This article may not be reproduced without the express written permission of the author and Hildebrand Attorneys accepts no responsibility for any loss or damage that may be occasioned as a result of the reliance by any person on the information contained herein