
Old B2B scam resurfaces

By Admire Moyo, ITWeb news editor.
Johannesburg, 23 Oct 2012
Perpetrators of scams make communications seem so authentic that some businesses are still falling victim, says Sabric.

Businesses should once again be on the lookout for a business-to-business identity theft scam currently doing the rounds that involves the deceitful diverting of payments.

So says the South African Banking Risk Information Centre (Sabric), which explains that perpetrators of this scam usually assume the identity of a supplier, and communicate, via e-mail or a letter with fraudulent letterheads, changes in banking details to the business that is being targeted.

Meanwhile, Sabric adds, the new account details they provide are of another banking account, which they have control over.

"This is an old scam that is resurfacing, but what is of concern is that the perpetrators make these communications seem so authentic that some businesses are still falling victim," says Sabric CEO Kalyani Pillay.

"Perpetrators go to the extent of ensuring that correspondence from the targeted business to verify the notification is diverted to a member of their group, who will confirm the instruction to be legitimate."

The SA 2012 Cyber Threat Barometer report, published last month, cites denial-of-service, economic fraud and the theft of confidential information as the main concerns for SA.

"The top cyber services targeted are Internet banking, e-commerce sites and social media sites. Criminals are typically mainly after logon credentials, bank or credit card information and personally identifiable information. The most common attack methods are still phishing, the abuse of system privileges and malicious code infections," the report notes.

Pillay urges businesses not to act in haste when receiving notifications for change in banking details from their suppliers unless they are certain of the legitimacy of the notice, even when pressurised to do so.

"Always ensure that you satisfy yourself that it is indeed your supplier that you are liaising with," Pillay advises.

Sabric says, where feasible, businesses should train staff members dealing with suppliers to establish a rapport with individuals in the supplier's office in order to easily confirm these types of requests telephonically via such trusted sources.

Staff alertness and attention to detail, such as noticing slight tweaks in e-mail addresses or other contact details, are another preventative measure against these business scams, the body notes.

Among the measures to ensure that businesses do not fall victim to the scams, Sabric says organisations must beware of supposedly confirmatory e-mails from almost identical e-mail addresses, such as .com instead of co.za, or addresses that differ from genuine ones by perhaps one letter, which can be easily missed.

It is essential to make sure that you are certain of the identity of the person your business is dealing with at all times, Sabric also urges.

Do not throw away your business (and suppliers') invoices or any communication material that contains letterheads; always shred them.

Verify any request for information with the supplier over the telephone, ideally with someone you know and have known for some time.

Confirm notifications for any changes of banking details via official correspondence with your suppliers (such as a letter) using their contact details that you have in your database, preferably before processing the next payment.

Do not publish your bank account details on the Internet as this is company private information that can be used fraudulently, and genuine customers may end up making payments to fraudsters' accounts.

Ensure that your company's private information is not disclosed to third parties who are not entitled to receive it, or third parties whose identities cannot be suitably verified, Sabric urges.
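
The look-alike address check Sabric describes (.com instead of co.za, or an address that differs by perhaps one letter) can be run automatically against the supplier contact details a business already holds. The Python below is an added example, not part of the original article or any Sabric tooling; the supplier addresses, the two-edit threshold and the first-label domain comparison are assumptions made for illustration.

```python
# Constructed supplier master data: addresses already held on file.
KNOWN_SUPPLIERS = {"accounts@acme-supplies.co.za", "billing@widgetworks.co.za"}
MAX_EDITS = 2  # assumed threshold: one changed letter, or two swapped letters


def edit_distance(a, b):
    """Levenshtein distance: inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def split_address(addr):
    """Normalise an address and return (local part, domain)."""
    local, _, domain = addr.strip().lower().rpartition("@")
    return local, domain


def first_label(domain):
    """Assumption: supplier domains have no subdomains, so the first label
    is the organisation name (a public-suffix lookup would be more exact)."""
    return domain.split(".", 1)[0]


def classify(sender):
    """Return ('known' | 'lookalike' | 'unknown', matched supplier or None)."""
    local, domain = split_address(sender)
    normalised = f"{local}@{domain}"
    if normalised in KNOWN_SUPPLIERS:
        return "known", normalised
    for supplier in sorted(KNOWN_SUPPLIERS):
        s_local, s_domain = split_address(supplier)
        # Same mailbox and organisation name, different suffix (.com for .co.za).
        if local == s_local and first_label(domain) == first_label(s_domain):
            return "lookalike", supplier
        # Address differs from the genuine one by a letter or two.
        if edit_distance(normalised, supplier) <= MAX_EDITS:
            return "lookalike", supplier
    return "unknown", None


if __name__ == "__main__":
    # Constructed senders; a 'lookalike' result means hold the bank-detail
    # change and confirm by phone using the number already on file.
    for s in ("accounts@acme-supplies.com", "accounts@acme-suppiies.co.za"):
        print(s, classify(s))
```

An "unknown" result is not a clearance: a first-time sender still needs the telephone confirmation described above before any banking details are changed.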
