We have been advised of a new scam involving a slightly different modus operandi from the one doing the rounds for the past two years.
In one such matter, after a property sale had been cancelled, the conveyancer needed to refund the deposit to the purchaser. He sent an e-mail to the purchaser’s Gmail address, advising her that the refund would be paid into the FNB account from which the payment had been generated. He received an e-mail response stating that the FNB account had been temporarily discontinued. He thereafter received an e-mail with details of an account held with Nedbank, into which the refund should be paid and he duly made the payment using electronic banking.
In the meantime, the purchaser received e-mails (ostensibly from the conveyancer) apologising for the delay in the transfer of the funds.
By the time the conveyancer became aware that the Nedbank account did not belong to the purchaser, all the money had been withdrawn from the account.
On closer examination it became clear that the e-mails sent to the conveyancer, ostensibly by the purchaser, in fact came from a Gmail address that was almost identical to the purchaser’s address. One letter had been swapped around - for example the address firstname.lastname@example.org became email@example.com. The conveyancer did not notice the slight discrepancy.
E-mails which the real purchaser received, ostensibly from the conveyancer, also came from an almost identical address – for example the address firstname.lastname@example.org, became h.sucker@scammedInc.co.za. The purchaser did not notice the slight discrepancy.
- It seems that the fraudster was somehow able to intercept the Gmails sent to the purchaser’s genuine Gmail address.
- He then appears to have opened accounts with similar addresses to those of the conveyancer and purchaser.
- This enabled him to send messages to the conveyancer and the purchaser, which at first glance, came from their real e-mail addresses.
WE WARN ALL PRACTITIONERS TO BE EXTREMELY VIGILANT WHEN RECEIVING ANY INSTRUCTIONS VIA E-MAIL, PARTICULARLY WHERE THERE ARE INSTRUCTIONS TO MAKE PAYMENTS.
- Carefully check the e-mail address to ensure that it is IDENTICAL to the one on file.
- Please give the party who ostensibly sent the e-mail a call at a verifiable contact number. DO NOT USE A NUMBER PROVIDED IN THE E-MAIL CONCERNED! Do not pay out on an e-mail instruction alone.
- Attorneys should not have possibly unreliable e-mail addresses like Gmail, Yahoo, Webmail Ymail and Hotmail. If the client has such an address, then it might be a worthwhile precaution to follow up any e-mail sent to that address with a short telephone call to ensure that important correspondence has in fact been received by the correct recipient.
- NEVER PAY TRUST MONEY INTO AN ACCOUNT WITHOUT VERIFYING THE BANKING DETAILS.
- YOU NEED TO HAVE A FICA POLICY IN PLACE AND TO FOLLOW IT TO THE LETTER WITHOUT EXCEPTION.
Risk Manager, AIIF