Skip to main content

Huge losses as fraudsters intercept emails

Fraudsters have once again swindled unsuspecting clients out of their life savings.

They managed to intercept emails from a financial services provider to its clients, advising them on tax savings by bolstering their retirement policies or tax free savings, according to cyber-security specialist and J2 Software CEO John Mc Loughlin.

The fraudsters intercepted the email and responded on behalf of the client, asking for confirmation on what had been put into retirement savings and also what was still possible. The financial advisors then responded and provided a breakdown of the current tax year investments and what the client was allowed to contribute before the end of the tax year.

He says the financial advisor emailed the requested information and documentation to the client’s email address. “The documentation contained the customer information and details of the investment to be paid via eft and also included the businesses bank details.”

Having received the signed document as well as the proof of payment from the client’s email address, the financial advisor assumed all was in order. This was then sent for processing as they waited for the investment to clear in their bank account.

Several days later the deposit had not been cleared and they contacted the client. The client obviously cooperated and then sent the proof of payment to the financial advisor but this didn’t match the one they had received days before.

“This is when we began our investigation on their behalf. From the evidence in front of them it now appeared that a trusted insider working within their business had given the client the incorrect bank details in order to commit fraud,” he explains.

Mc Loughlin says the client had seen an email with documents that were nearly similar, except the bank details were different. “Upon investigation, the client had received the changed documents from a free email service which was a fake account using and a derivative we have seen before – they use a free email service with the domain

“It became clear that the client had their email account compromised, and it was not a malicious insider at the financial advisor as initially thought. This compromise happens because people never change their email passwords. Compromised passwords allow cyber criminals to access their email accounts. They don’t need to do anything except wait for the right email to arrive,” he warns.

In this case the attacker intercepted the emails from the financial services company before the client saw them. They then created a cloned email address on a free email service and then sent the altered documents to complete the fraud.

“The reason the attacker would have then sent fake proof of payment was to delay the business from following up. This delay gave the attacker enough time to empty the fake bank account of over R300 000.00. This client now has lost a large amount of money which was destined to be a retirement saving,” he concludes.

First seen at IT Online

  • Hits: 1257