FRAUD IN THE INBOX: HOW DIGITAL BANKING SCAMS ARE TARGETING SOUTH AFRICAN BUSINESSES

We used to spot fraudsters easily, bad spelling, dodgy email addresses, and a tone that blatantly shouted out “scam”. Unfortunately, that’s all changed. Today’s criminals are polished, patient, and increasingly professional, like any other professional, that is their job and they do it well and they are targeting South African businesses and they’re getting it right.

This isn’t just about a few phishing emails landing in a junk folder. It’s a coordinated digital assault, and if you or your employees are handling company payments, procurement, or approvals, then, take this as your early warning siren.

The New Face of Fraud

The scams we’re seeing now are smart. Criminals are building fake digital identities that mimic legitimate suppliers, partners, and even internal staff. They hijack email threads mid-conversation, they spoof phone numbers, they research company hierarchies and patiently wait for the right moment to strike.

Just last month, I spoke to a medium-sized logistics firm that lost over R1.2 million to a “CEO scam”. The finance administrator received an urgent, well-worded email, appearing to come from the company director, authorising payment to a new supplier. Everything looked legit, but it wasn’t.

Why Your Business Is a Target

Whether you’re a small business with a bookkeeper or a large firm with a full finance department, the vulnerabilities are the same. Cybercriminals aren’t just targeting banks; they primarily go after businesses and people that use banks. And in most cases, they are relying on one thing, human error.

Key Red Flags to Watch Out For

Here are some practical signs and behaviours to watch out for, these should trigger immediate caution:

1. Changes to banking details via email

Always treat changes to bank account numbers or payment instructions as highly suspicious. Verify with a phone call to a familiar person in the company on the formal company telephone number and request a bank verification letter directly from this person, not the address in the email.

2. Unusual urgency or secrecy

If you’re being pressured to make a quick payment or “keep this confidential”, step back. Fraudsters prey on rushed decision making.

3. Slight changes in email addresses

Example: info@company.com vs. info@c0mpany.com – that’s a zero, not an “o”. These subtle changes can be hard to spot at a glance.

4. Unfamiliar or inconsistent writing tone

Even if the name is familiar, is the tone of the message off? Does your “boss” or “supplier” suddenly sound like someone else or strange?

5. Inbound calls claiming to be from your bank or supplier

Never share account numbers, OTPs, or authorise transactions on a call you didn’t initiate. If you have even the slightest doubt, don’t be influenced to do it, hang up.

Simple, Actionable Safeguards

■ Train your staff, especially those in finance, procurement, and HR. They need to know the latest tactics.

■ Use multi-factor authentication on all sensitive accounts.

■ Set up dual approval for high- value transactions.

■ Regularly review email and cybersecurity protocols. Consider professional penetration testing or simulated phishing campaigns.

■ Report suspicious emails and fraud attempts to your bank and to the Southern African Fraud Prevention Service (SAFPS).

This Isn’t Just IT’s Problem

Cyber fraud isn’t just a technology issue; it’s a huge business risk issue. Whether you’re running a small manufacturing business in KZN or a national retail chain, one small error can lead to devastating financial loss and reputational damage.

Take the time to review and reassess your processes. Make fraud awareness part of your workplace culture. And always trust your gut instincts, if something doesn’t seem right, it probably isn’t.

T: +27 (0)31 109 1888

E: care@mobiventures.co.za

W: www.mobiventures.co.za