Criminals are swindling unsuspecting consumers out of their life savings. In some specific cases, the fraudsters managed to intercept e-mails from a financial services provider to its clients, advising them on tax savings by bolstering their retirement policies or tax free savings.
How it happened is that the fraudsters intercepted the e-mail and responded on behalf of the client, asking for confirmation on what had been put into retirement savings and also what was still possible. The financial advisors then responded and provided a breakdown of the current tax year investments and what the client was allowed to contribute before the end of the tax year.
This has been revealed by John Mc Loughlin, CEO at J2 Software.
"The documentation contained the customer information and details of the investment to be paid via eft and also included the businesses bank details, " explained Mc Loughlin.
Financial loss due to cyber crime
Having received the signed document as well as the proof of payment from the client’s email address, the financial advisor assumed all was in order. This was then sent for processing as they waited for the investment to clear in their bank account.
Several days later the deposit had not been cleared and they contacted the client. The client obviously cooperated and then sent the proof of payment to the financial advisor but this didn’t match the one they had received days before.
"This is when we began our investigation on their behalf. From the evidence in front of them it now appeared that a trusted insider working within their business had given the client the incorrect bank details in order to commit fraud," said Mc Loughlin.
Mc Loughlin says the client had seen an email with documents that were nearly similar, except the bank details were different. "Upon investigation, the client had received the changed documents from a free email service which was a fake account using mail.com and a derivative we have seen before – they use a free email service with the domain consultant.com.
"It became clear that the client had their email account compromised, and it was not a malicious insider at the financial advisor as initially thought. This compromise happens because people never change their email passwords. Compromised passwords allow cyber criminals to access their email accounts. They don’t need to do anything except wait for the right email to arrive, " warned Mc Loughlin.
In this case the attacker intercepted the emails from the financial services company before the client saw them. They then created a cloned email address on a free email service and then sent the altered documents to complete the fraud.
"The reason the attacker would have then sent fake proof of payment was to delay the business from following up. This delay gave the attacker enough time to empty the fake bank account of over R300 000.00. This client now has lost a large amount of money which was destined to be a retirement saving," concluded Mc Loughlin.
Cover image credit: Kal Visuals/Unsplash