BEWARE: Business Email Compromise Fraud



SABRIC, the South African Banking Risk Information Centre, on behalf of the banking industry would like to inform bank customers about a scam known as ‘Business Email Compromise’ (BEC) where criminals literally ‘steal money by asking for it’. This scam targets specific employees in organisations who are authorised to transfer funds or make payments.

According to the global Mimecast ‘The State of Email Security Report 2019, ‘in the previous

12 months alone, 67% of organizations said they saw the volume of impersonation attacks increase, and 73% of impersonation attack victims experienced a direct resulting loss.’

In addition, a recently issued Public Service Announcement from the US Federal Bureau of Investigation states that ‘between May 2018 and July 2019, there was a 100 percent increase in identified global exposed losses’ due to BEC scams. These stats are alarming as South Africa has also seen a definite increase in this type of scam, in line with global trends.

‘Digital technology, combined with social engineering which exploits our human tendency to be compliant when faced with a directive from an authority figure, enables criminals to perpetuate this type of crime’, says SABRIC acting CEO, Susan Potgieter.

Criminals utilise information obtained from company websites and/or other digital platforms to identify the details of CEO's, Financial Directors and other key senior individuals. They then impersonate these individuals by sending electronic requests via email or text message to junior staff in the accounting or finance function requesting that an urgent payment be made to a specific beneficiary. Another way criminals glean information to perpetuate this crime is through phishing attacks, where users are sent emails containing malicious links and are then manipulated into clicking on them to install malware. This malware is designed to access the network and monitor mailboxes to enable criminals to learn about payment patterns, who the role players are and to understand individual communication styles, including typically used words or phrases. This is to ensure that when a criminal impersonates the person issuing the directive to make a payment, it comes off as authentic and does not arouse any suspicion.

Criminals will also utilise email spoofing software to spoof and email domains to trick the recipient into thinking that an email containing a payment instruction, is from the usual authoriser.

By the time the employee realises that funds have been paid into the incorrect account, it is too late as criminals use accounts belonging to ‘money mules’, who open accounts for this purpose, and then further launder the money by quickly moving it into other accounts.

‘We urge staff to be vigilant about checking a senders email address very carefully should they receive an email instructing them to make a payment. Often, the address will only differ by one or two characters’, says Potgieter.

Organisations must also ensure that deploy multi-tiered risk mitigation strategies to prevent Business Email Compromises. These should include digital resilience mechanisms such as intrusion detection, penetration tests and firewalls, robust policies and procedures with inherent checks and balances, as well education and awareness for staff.

SABRIC urges you to be your money’s best protection by following these tips:



  • Do not click on links or icons in unsolicited emails.
  • Do not reply to these emails. Delete them immediately.
  • Be alert to hyperlinks that contain misspellings of the actual domain name. In some cases, it could be one character.
  • Never give anyone your confidential information, such as login usernames or passwords.
  • Never send anyone your personal or confidential information. Personal information includes identity documents, driver’s licenses, passports, addresses and contact details. Confidential information includes usernames, password and PIN numbers. 


Email Spoofing

  • Ensure the domain visible in received emails is associated with the business it purports to be from.
  • Ensure that permissions are enabled to allow your employees to view full email extensions on their computers.
  • Do not believe the content of unsolicited emails blindly. If you are worried about what is alleged, use your own contact details to contact the sender to confirm.
  • Don't ignore reports from colleagues about mysterious emails coming from your accounts.


Business Email Compromise

  • Never list your main email address publicly anywhere online - in forums, in online advertisements, on blogs, social media or any place where it can be harvested by spammers. Use a separate email address for the internet which is not linked to your personal or business email account.
  • Any unplanned or urgent payment instructions should be questioned. Always check with the person issuing the directive in-person or via a credible channel – preferably one where you can see them.
  • Any requests for a change in beneficiary account details should be verified by contacting the sender using normal, legitimate historically sound contact details.


To arrange for interviews with acting SABRIC CEO, Susan Potgieter, please contact:

Louise van der Merwe

Tel: +27 11 847 3134

Cell: 082 070 5349



Notes to Editors:

SABRIC is a NPF company formed by South African banks to support the banking industry in the combating of crime. SABRIC’s clients are South African banks and major CIT companies. Its principle business is to detect, prevent and reduce organised crime in the banking industry through effective public private partnerships. SABRIC co-ordinates inter-bank activities aimed at addressing organised bank related financial crime, violent crime and cybercrime, and acts as a nodal point between the banking industry and others, in respect of issues relating to these crimes. The creation of public awareness of various bank related crimes and educating the public on how to protect themselves is one of SABRIC’s key focus areas. For more on SABRIC visit