Statement by:

    Rick Crouch
    Rick Crouch & Associates

    Private Investigators & Digital Forensics

    18 July 2019

    Release: Immediate


    The following scam has been going around for some time and many business owners may recognize the modus operandi.

    A business will receive an email from a known vendor that they have been dealing with for some time indicating that their banking information has changed.

    While at first glance the email looks legitimate, there will be subtle differences, such as an additional letter or number in the email address that is not noticeable to the casual observer. Or the email address may be "spoofed" and look identical to the vendor's email address.

    Clients often ask us how the scammer got their and their client's information. Well, it is not by chance. These are professional criminals and it may take them months to find the right target.

    Once they have identified their target they then go to the company website looking for the contact information of finance or IT executives. IT executives are the best because their accounts have access to everything.

    They will then target that employee with a spear-phishing email. This email will contain a keylogger or a Remote Access Trojan (RAT) that will install automatically behind the scenes. These Trojans quietly gather and monitor everything you do on your computer. Once they have gathered the relevant information they will then be able to remotely access your computer without you knowing.

    After they have access to your computer they then create an email rule that will duplicate and forward any emails with "invoice", "bank account", etc. in the body or subject of the email. These emails are forwarded to a Gmail, Yahoo or other "burner" email account.
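
A defender can look for the forwarding rule described above by reviewing exported mailbox rules. The following is an added example, not part of the original statement: the rule format (`mailbox`, `name`, `keywords`, `forward_to`, `redirect_to`), the term and webmail lists, and the sample data are all assumptions made for illustration.

```python
# Added example: triage exported mailbox rules for the forwarding pattern above.
# The rule keys are a hypothetical export format, not any mail product's schema.
FINANCE_TERMS = ("invoice", "bank account", "payment", "remittance")
FREE_MAIL = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}


def domain_of(address):
    """Return the lower-cased domain of an email address ('' if malformed)."""
    return address.rsplit("@", 1)[1].strip().lower() if "@" in address else ""


def score_rule(rule, own_domains):
    """Return the reasons a rule looks like silent copying of payment mail."""
    reasons = []
    targets = rule.get("forward_to", []) + rule.get("redirect_to", [])
    external = [t for t in targets if domain_of(t) not in own_domains]
    if not external:
        return reasons  # internal-only forwarding is not the pattern we want
    reasons.append("forwards outside the organisation: " + ", ".join(external))
    if any(domain_of(t) in FREE_MAIL for t in external):
        reasons.append("destination is a free webmail account")
    keywords = [k.lower() for k in rule.get("keywords", [])]
    hits = sorted({t for t in FINANCE_TERMS for k in keywords if t in k})
    if hits:
        reasons.append("matches finance terms: " + ", ".join(hits))
    return reasons


def triage(rules, own_domains):
    """Map 'mailbox/rule name' -> reasons for rules with two or more reasons."""
    own = {d.lower() for d in own_domains}
    flagged = {}
    for rule in rules:
        reasons = score_rule(rule, own)
        if len(reasons) >= 2:
            flagged[f"{rule['mailbox']}/{rule['name']}"] = reasons
    return flagged


# Constructed sample data (not taken from a real mailbox).
SAMPLE_RULES = [
    {"mailbox": "cfo@example.co.za", "name": ".",
     "keywords": ["Invoice", "bank account"], "forward_to": ["acct.copy@gmail.com"]},
    {"mailbox": "it@example.co.za", "name": "Helpdesk copy",
     "keywords": ["ticket"], "forward_to": ["helpdesk@example.co.za"]},
    {"mailbox": "sales@example.co.za", "name": "Partner",
     "keywords": ["quote"], "redirect_to": ["orders@partner.example"]},
]

if __name__ == "__main__":
    for rule_id, why in triage(SAMPLE_RULES, ["example.co.za"]).items():
        print(rule_id, "->", "; ".join(why))
```

A rule that forwards to an external address with no other signal is left unflagged here, so legitimate partner forwarding does not drown out the finance-keyword cases.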

    Once they have this information it is not too difficult to send you an email with the vendor's "spoofed" email address requesting the bank account change.

    The bank account that the payment is sent to is usually opened by someone from an informal settlement who was paid to do so; the criminals have no connection to this person.

    "Companies must ensure that their anti-virus software is updated regularly and that their firewall is configured correctly. Have training sessions to educate your staff on the signs of a phishing email and how to prevent it. Do not put your company executives on your website. And finally, if you receive an emailed request to change banking information, call the company to verify the information. Do not call any number that appears on the email but use the number you have on file for that vendor," said Rick Crouch, private investigator with Rick Crouch & Associates.


    Media Contact:

    Rick Crouch
    Rick Crouch & Associates
    Private Investigators & Digital Forensics
    Mobile: 076.449.5263 | Web: www.rickcrouch.co.za