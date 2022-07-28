'Intercepted email' scams on the rise in SA - how to protect yourself
In a world that's so connected, we are all likely to come under some form of cyber attack at some point.
In her regular slot on The Money Show, Wendy Knowler focuses this week on an email scam which she finds "particularly nasty".
The consumer journo says she's been referring to it as "the intercepted email scam" but the official name is Business Email Compromise or BEC, according to the South African Banking Risk Information Centre (Sabric).
"BEC leads to Email Account Compromise (EAC)."
"It means cyber criminals use various tactics, such as password sprays, phishing, or malware, to compromise a victim’s email account, thereby gaining access to legitimate mailboxes."
Knowler hadn't been aware this scam was on the rise in South Africa until she heard from a woman who fell victim three times in three months.
... all different forms of it but, essentially, she thought she was paying somebody but the email containing the invoice had been intercepted... and the fraudster had put his banking details in; that's how it works. And off her money went!Wendy Knowler, Consumer journalist
She liaised with the banks concerned to get her money back, but that account had been cleared.Wendy Knowler, Consumer journalist
In this case it emerged that Bev’s email account was compromised.
Usually it's the companies you're meant to pay for goods or services that get hacked in this way, says Knowler.
Once cyber criminals gain access to the target’s email account, they have access to information they can use to profile their victim says Sabric.
This includes calendars, meetings with suppliers or customers, corporate directories, and even files in the file shares.
They mimic the victim, and craft very convincing and timely messages using the knowledge they gain to send the email at an opportune time... This leads to email fraud, where the attacker uses social engineering to trick the victim...Wendy Knowler, Consumer journalist
In a nutshell, this is Knowler's advice:
"Before you pay any invoice that’s been EMAILED to you, wait until working hours and call the company - having sourced the number from something other than that email - ask for account and check the account number. EVERY TIME!"
For more detail on how to protect yourself, listen to the full conversation below:
This article first appeared on CapeTalk : 'Intercepted email' scams on the rise in SA - how to protect yourself
