Cyber Fraud on the Rise

By Sulize Möller, Director

It is no secret that cyber fraud is on the increase.  According to The State of Ransomware 2023 report, as published by Sophos, South Africa saw a 78% increase on organisation cyber-attacks in 2023 compared to the 51% attack rate of 2022. 

Attorney firms are particularly vulnerable given the nature and amounts of payments being received on a daily basis.  With the risk of emails being intercepted and documents being altered to such professional standards that even the most trained eye would have trouble spotting the differences, it is more important now than ever that clients are fully aware of the risks and properly informed on ways to mitigate them. 

A recent matter in the Western Cape again highlighted the real threat lurking just beyond the ‘send’ button on the email address of an unsuspecting firm.  After having corresponded with the purchaser in a property purchase transaction, said attorney firm submitted their proforma statement of account to the purchaser for payment.  The purchaser, in good faith, made payment of the account according to the banking details listed on the statement.  Unbeknownst to the purchaser, the said proforma statement had not contained any banking details when it had left the outbox of the secretary sending same.  Information later obtained by the purchaser’s internet security company pointed to the likelihood that the emails of the attorney firm had been hacked and were being monitored by the hackers from the outset.  This information is great, but it doesn’t help one bit in recovering the almost R700 000.00 of the distraught purchaser’s money! 

Make no mistake – these are not amateurs.  These criminals make a living in this manner and in doing so have studied the terminology and processes involved.  They know when to strike and what to say to gain the trust of unsuspecting clients.  They work quickly and can move the money between accounts faster than you can dial 1-800-fraud department! 

But what to do?  Here are some steps that clients can (and should!) take to ensure that their money lands in the intended account: 

1. Know who you are dealing with!  Well established firms do not make a habit of changing their contact, email or trust account details – much less via email!  If you are dealing with a firm for the first time, you can contact the Legal Practice Council to confirm that the firm is registered and that the contact details you are utilising are correct. Keep an eye on the details!  Hackers utilise small, generally undetected changes to email addresses.  Ensure that every email you receive is in fact from the office of the attorney themselves.  Be on the lookout for a suspicious ‘S’ that inconspicuously becomes a ‘5’ or an ‘O’ that suddenly becomes a ‘0’.
2. Go check them out! Where possible, make an appointment to meet with one of the Directors of the firm or ask somebody you trust to attend at their office.  At Bothas Incorporated we encourage clients to pay us a visit before making any payments. 
3. Phone first!  Never make payment before contacting the attorney firm and speaking to a Director or financial manager(ess) to confirm the details being used for payment. 
4. Keep the first payment to a minimum!  As a further safeguard, ensure that you keep your first payment to a minimum. Paying an initial R100.00 and receiving a Bothas Inc. generated receipt will provide you with the confidence to make further payments into the same account. 
5. Send proof of payment and insist that it is checked by a member of staff.  Try to ensure that payments are made during the operating hours of the attorney firm, send proof of payment and then contact them and insist on a response with confirmation that the proof of payment has been received and checked for the correct account number. 

And lastly…. don’t be fooled!  Hackers often start out charming, well informed and willing to assist (in robbing you of your money).  It is, however, short lived and when the sweet facade fails, they may become demanding and, because they know how, their threatening ‘legal’ jargon seems very realistic. When in doubt, don’t do it!

If you are unsure about the information you have received, electronically or otherwise, and are unable to verify same, don’t make the payment!  

Still in the dark? Give us a call at Bothas Inc. to arrange a consultation on 035 792 2011.