We have been advised of a new scam involving a slightly different modus operandi from the one doing the rounds for the past two years.
In one such matter, after a property sale had been cancelled, the conveyancer needed to refund the deposit to the purchaser. He sent an e-mail to the purchaser’s Gmail address, advising her that the refund would be paid into the FNB account from which the payment had been generated. He received an e-mail response stating that the FNB account had been temporarily discontinued. He thereafter received an e-mail with details of an account held with Nedbank, into which the refund should be paid and he duly made the payment using electronic banking.
In the meantime, the purchaser received e-mails (ostensibly from the conveyancer) apologising for the delay in the transfer of the funds.
By the time the conveyancer became aware that the Nedbank account did not belong to the purchaser, all the money had been withdrawn from the account.
On closer examination it became clear that the e-mails sent to the conveyancer, ostensibly by the purchaser, in fact came from a Gmail address that was almost identical to the purchaser’s address. One letter had been swapped around - for example the address email@example.com became firstname.lastname@example.org. The conveyancer did not notice the slight discrepancy.
E-mails which the real purchaser received, ostensibly from the conveyancer, also came from an almost identical address – for example the address email@example.com, became h.sucker@scammedInc.co.za. The purchaser did not notice the slight discrepancy.
- It seems that the fraudster was somehow able to intercept the Gmails sent to the purchaser’s genuine Gmail address.
- He then appears to have opened accounts with similar addresses to those of the conveyancer and purchaser.
- This enabled him to send messages to the conveyancer and the purchaser, which at first glance, came from their real e-mail addresses.
WE WARN ALL PRACTITIONERS TO BE EXTREMELY VIGILANT WHEN RECEIVING ANY INSTRUCTIONS VIA E-MAIL, PARTICULARLY WHERE THERE ARE INSTRUCTIONS TO MAKE PAYMENTS.
- Carefully check the e-mail address to ensure that it is IDENTICAL to the one on file.
- Please give the party who ostensibly sent the e-mail a call at a verifiable contact number. DO NOT USE A NUMBER PROVIDED IN THE E-MAIL CONCERNED! Do not pay out on an e-mail instruction alone.
- Attorneys should not have possibly unreliable e-mail addresses like Gmail, Yahoo, Webmail Ymail and Hotmail. If the client has such an address, then it might be a worthwhile precaution to follow up any e-mail sent to that address with a short telephone call to ensure that important correspondence has in fact been received by the correct recipient.
- NEVER PAY TRUST MONEY INTO AN ACCOUNT WITHOUT VERIFYING THE BANKING DETAILS.
- YOU NEED TO HAVE A FICA POLICY IN PLACE AND TO FOLLOW IT TO THE LETTER WITHOUT EXCEPTION.
Risk Manager, AIIF
The advice given is very good. It places more responsibility on the attorneys and secretaries to verify all important information by phone as well as email. Most transactions are handled almost exclusively via email but it is safer to still use phone calls in addition to the emails. All important information should be independently verified (banking details especially) and also all parties must be carefully Fica'ed to ensure everything is legal and to avoid becoming prey to a scam!!!
Leave a comment: