Cybercrime: Is that email really from your boss?

Source: Fin24, 08/10/2018

While consumers have become more familiar with phishing scams where
generic emails are sent out to lots of people, it might be trickier to
spot so-called CEO or CFO fraud and email spoofing, cautions the SA
Banking Risk Information Centre (Sabric).
In its latest Digital Banking Crime Statistics report, Sabric warns
that digital technology has provided new ways for criminals to commit
digital banking crimes â€` in fact, more than half (55%) of
crime-related gross losses reported to Sabric occur online.
`Gross losses` is a term used in the banking industry to refer to the
total loss to the consumer as well as the bank. It therefore includes
instances where the bank has refunded the client.
Email spoofing
Email spoofing is basically a `change of bank details scam`.
It is where an unsuspecting person receives an email informing them
that a supplier is changing their bank account details. The
correspondence usually includes the details of the new account.
The details are, or course, fraudulent, and the victim unwittingly
pays the fraudster and not the supplier.
CEO fraud
CEO/CFO fraud is a `niche` type of email spoofing, where a
cybercriminal pretends to be the chief executive officer CEO, chief
financial officer or other senior executive from the victim`s
organisation.
Before targeting you, cyber criminals would have researched as much as
possible about co-workers on sites like LinkedIn, Facebook, or Twitter
â€` to determine who works in the finance department.
Instead of sending a generic email to millions of people, they send a
custom email, that looks very realistic, to target a select number of
people.
The victim is given a fraudulent instruction to supply information,
make a payment or re-direct a pending payment into the fraudster’s
bank account.
Sabric tips to protect against email spoofing:
• Constantly have your spam filters enhanced.
• Never click on unfamiliar links or download unfamiliar attachments.
• Delete emails from unfamiliar email addresses.
• Learn to read header information and check the IP address on an email.
• When acting on an email, check the email address for possible minor
changes to the email address.
• When replying to an email, check that the email address has not changed.