Change of bank details scam in South Africa

Recently, we had an experience where one of our clients received an email notifying her of a change in our banking details. Thankfully, the client got suspicious and phoned us to check the information she received which was indeed fraudulent. This prompted us to provide some more information and tips on how to identify such fraudulent correspondence and what to do when you suspect that you are the target of such an email or letter.

How does this work?
While technology makes our lives easier, it also exposes us to all kinds of risks. A change of banking details scam happens when a criminal assumes the identity of a company employee with the express goal of diverting company intended funds into their own account.

A company website is the first place where a criminal could gather all kinds of useful information, such as an ‘About Us’ section where the criminal can find and assume an identity of an owner or manager, that he would seem familiar to the target customer. Another source of public information which could be used is your customer testimonials which the fraudster can use to compile a hit list of targets. Your company logo can also be used to create a brand identity that the target recognises and makes the communication seem authentic.

The rest is even easier: the fraudster sets up a fake email address, using the identity of a key staff member of the target company. Company sent emails can potentially be intercepted or hacked via the client’s email account. Next, the fraudster sends out a fraudulent email to his hit list of victims to inform them that the company’s bank account has been changed and to provide the ‘new’ (fake) banking details into which customers must make their next payment. Usually, once the customer has made this payment, the money is quickly transferred into another account and withdrawn, leaving little trace of the criminal activity which is why it is so difficult to prosecute such crimes.

Unfortunately, there have been some cases where company employees are the providers of client information. Therefore, it is important for businesses to review internal systems and protocols to ensure that sensitive information is only dealt with by permanent staff members, and only with the approval of a senior team member. Segregation of duties between employees also creates less opportunity for any one person to contribute to any fraudulent or illegal activity and security controls like anti-virus software along with the latest security updates are crucial requirements in protecting client and company information.

How to protect yourself or your business

  • Do not respond to an email that you suspect of being fraudulent and never click on any links in such correspondence. 
  • The first thing you should do is phone your regular contact at the company to confirm the correspondence. Do not call the phone number given on the suspected fraudulent document as this is probably false too and they may have someone ready on the other end of the line to confirm the fraudulent details. Speak to someone you know and check the phone number on other documents you received in the past.
  • Always ensure that you have the latest security updates installed on your computer and that your anti-virus software is active.
  • If the payment was for goods purchased, be sure to wait for a notification from the bank confirming clearance of the money in your account. Do not accept electronic proof of payment or faxed deposit slips as those are easy to forge. 
  • Change your banking passwords regularly and place sensible limits on your accounts.
  • Make sure your staff is aware of any potential security issues and current scams so they may identify such attempts early on. 
  • Do not publish your banking details on the internet

How to identify a fraudulent email
Sometimes fraudsters make mistakes; here are some common errors to look out for:

  • The email may have a number of spelling or grammar mistakes. It may not just be a typing error, be sure to check the correspondence carefully for obvious mistakes.
  • Check the domain name of the email address carefully: fraudulent emails often have just one letter out of place like a capital letter or hyphen where there shouldn’t be one. Compare the email address against previous emails from your regular company contact.
  • Ensure that the correct extension is used, for example, .com or
  • If the email signature is of poor quality (blurry), it could have been copied and pasted. Again, it may be a good idea to compare it to previous emails from the same company or person.
  • Compare the phone number on the possible fraudulent document with the phone number you have in other documents from the same company to make sure there are no inconsistencies.

Aside from such a crime exposing you or your business to serious risk, it is also the time it takes to resolve which may have a negative effect. Make sure your family and staff are aware of the existence of these kinds of scams so they may be extra vigilant when dealing with payments and sensitive documents. 

Call your local Garrun broker or our head office on 011 694-5000 if you suspect you’ve just received a fraudulent email from us.