Fraudsters get busy

By Leon Engelbrecht, ITWeb senior writer

Johannesburg, 23 Apr 2008

Criminals are finding new and innovative ways to defraud businesses and high-value individuals, says the SA Banking Risk Information Centre (Sabric).

The warning follows similar caution from the SA Fraud Prevention Service last week after it reported that fraud through identity theft had soared to R276 million in the first quarter of this year.

Sabric commercial crime head Susan Potgieter says fraudsters are tweaking a long-running deposit and refund scam to "suit the economic cycle and current events". She says victims are carefully selected businesses, or high-value individuals.

"They have knowledge of the victim's profile, gained by intercepting their mail, staff collusion, media reports, etcetera, not necessarily through data compromise," Potgieter says.

Victims are then fed a credible story, she says. The latest involves the SA Revenue Service (SARS) and tax refunds. She says the non-profit banking anti-crime organisation has received several reports of fraudsters posing as SARS employees and requesting a putative repayment of an overpayment on tax refunds.

They typically provide the victim details of a bank account into which the amount must be paid - and that is the last sight of the funds.

"SARS is currently refunding individuals who are entitled to tax refunds and thus the story line is quite believable," she says.

Potgieter advises consumers not to respond to any requests for repayment of incorrect payments from SARS without checking with the taxman.

Diverting deposits

The migration from cheque payments to electronic disbursements to curb fraud has also influenced criminal behaviour, with swindlers now intercepting original invoices and altering the bank details.

<B>Tips for businesses</B>

* Treat any request for refund with utmost suspicion and do a thorough investigation prior to considering a refund.
* Treat any unsolicited deposits into your bank account with utmost suspicion and as a matter that deserves thorough investigation prior to considering a refund.
* Train finance managers and staff to consider any pressure for a refund as a good reason not to act immediately. This is a common sign of a refund scam.
* First check with the bank if the deposit that was made was a legitimate deposit and whether it was made with a cheque or cash. If it was a cheque deposit, wait until the cheque has been cleared before considering making any refund.
* An insistence on a refund by way of Internet transfer is usually an indication of a scam.
* Validate that the details that are provided by the person requesting a refund are indeed those of the company he purports to represent.
* Conduct accredited vetting processes of employees that deal with financial and other sensitive information.

"There have been reports of incidents where stickers with new payment details have been stuck onto original invoices directing payment to fraudulent accounts," says Potgieter. "Consumers are warned not to accept these changes at face value, but to verify the information using known contact persons. Treat such notification with suspicion and only use the information once you are 100% sure that the facts are correct."

She warns original invoices can be accessed at any point in the business process, starting with crooked staff, to interception of mail, to theft of the invoice at the point of receipt.

"I have no information on a single point of vulnerability," she says, "all are equally vulnerable, and the sooner people realise this, the better they will manage personal and business data."

Potgieter says people only realise they've been had when the real creditor comes knocking.

A variant of the scam has the swindler phoning the victim and pretending to be an employee of the creditor. Through data theft, or compromise, the swindler has all the details of the transaction, the amount due and the names of the contact persons involved on both sides.

The crook then informs the victim verbally and in writing - using the creditor's letterhead which they fax - that their banking details have changed and the amount must be credited to the newly appointed account number and institution. "Obviously the account number they provide has been fraudulently opened," Potgieter says.

The victim deposits the money into the newly appointed account, without verifying this with the creditors - "because they are under the impression that they are dealing with their creditors".

Old hat

<B>Tips for the public</B>

* Treat every request for a payment seriously and always verify the facts. It may help to always keep track of creditors and document their legitimate contact details.
* When receiving information from "creditors" via phone or fax, informing you of changes in their account details, verify the facts by calling the creditors on an alternative number to the one provided on the fax or when you were called.
* It is always a safe option to make payments to creditors electronically, either via Internet banking or electronic transfers that you arrange when signing the credit agreement.

Previously, criminals would deposit a false or fraudulent cheque into a business account and then phone the account-holder and demand a refund.

A variation was pretending to purchase an item and then call to complain that the payment was higher than the quote and that the difference had to be refunded.

The victim would refund the "client" and only recognise the scam once the bank returned the fake cheque - unpaid.