Carte Blanche recently highlighted the problem of invoice scams in South Africa, where companies and individuals are scammed out of large amounts of money.
This report follows the high-profile case where Goliath and Goliath and its subsidiary The PR Bailiff were scammed out of R285,000 by hackers who intercepted and altered their invoices.
Sarah Rutherford from analytics software company FICO explained that fraud like this is known as “authorised push payment fraud”.
This happens when fraudsters deceive a business or customer into sending them a payment under false pretences to a bank account controlled by the fraudster.
If the payment is made using the South African SAMOS clearing system, it is irrevocable. Victims cannot reverse a payment once it has been settled, even if they realise they have been conned.
How this scam works
Fake invoice fraud is not complicated to understand, but require some skills in the hacking or cyber-security field. Here is how it works:
The fraudsters use social engineering techniques or other hacking tools to gain access to a person’s email account.
They then intercept an invoice sent via email before it reaches the party which must pay the invoice.
They change the banking details on the invoice to their own banking details.
They send the fraudulent invoice to the party which must pay the invoice via the official email account.
The company or person pay the invoice, but the money lands in the fraudsters’ account, and it is gone forever.
The altered invoice looks exactly like one from your service provider – the only difference is the banking details.
No link between bank account number and the name
The fraudsters rely on a weakness in the banking system whe ..
Support the originator by clicking the read the rest link below.
