How Email Fraud Syndicates Are Bleeding South African Businesses Dry

How Email Fraud Syndicates Are Bleeding South African Businesses Dry

South African businesses are facing a silent crisis and it’s happening in their inboxes. From construction companies to hotels, no industry seems safe from the wave of email fraud syndicates draining millions from unsuspecting businesses. The scam isn’t new, but its reach and sophistication have grown at an alarming pace.

The scam that hides in plain sight

According to Chad Thomas of IRS Forensic Investigations, the crime is devastatingly simple: fraudsters intercept legitimate emails, alter invoices, and quietly swap in their own banking details. The victim pays in good faithonly to discover weeks later that the money has vanished into a fraudster’s account.

The trick often hinges on subtle deceptions. A cloned invoice may look identical to the original, while a fake email address might be off by just a single letter. As Thomas put it, “For all intents and purposes, it looks correct, but it isn’t.”

A hotelier’s nightmare

For Paul Nissen, owner of Elizabeth Lodge in Boksburg, the scam has already cost dearly. In one case, his lodge lost up to R20,000 after a customer unknowingly paid a fraudster. In another, Nissen narrowly avoided losing over R100,000 by sending a small “test payment” first, a trick that revealed the bank account was fraudulent.

Now, Elizabeth Lodge has ditched email invoices altogether. “We give account numbers verbally or on WhatsApp, and clients must confirm the last three digits of our bank account back to us,” Nissen explained. “It’s the only way to be sure.”

How syndicates move the money

Once funds hit a fraudulent account, they don’t sit still. Syndicates rely on mule accounts, bank accounts opened by desperate, unemployed individuals recruited for a small fee. The account holders hand over their cards and PINs, while syndicates move the stolen money within minutes through dozens of accounts to erase the trail.

Banks like Standard Bank and FNB have issued warnings about mule accounts and even AI-driven “agentic fraud,” where scammers use realistic-sounding artificial intelligence to impersonate bank officials. Still, business owners like Nissen say the problem is worsening.

“I reported a fraudulent bank account, and weeks later, the same account was being used again. That is frightening,” he said.

Who carries the loss?

Here’s where it gets even more frustrating: the responsibility for verifying banking details falls on the payer. In a recent court battle involving law firm ENS, a client tried to hold the firm accountable for paying into a fraudulent account. While the court initially sided with the client, an appeal shifted the liability back to the person making the payment.

In other words: if you don’t double-check, you lose.

The bigger picture

South Africans on social media are voicing growing anger at banks, with many asking why fraud accounts aren’t flagged immediately. Critics argue that financial institutions, with their vast technological resources, should be using artificial intelligence to spot red flags, like dormant grant accounts suddenly handling large, suspicious transfers.

For now, experts like Thomas say the only real defense is human: “Creditors clerks and debtors clerks need to talk to each other. Pick up the phone, confirm details. Make human contact. If you don’t, the syndicates will win.”

Email fraud syndicates are bleeding South African businesses dry, and while technology could help, prevention still rests on old-fashioned vigilance. Double-check banking details, question invoices, and never assume an email is what it seems.

{Source: The Citizen}

Follow Joburg ETC on Facebook, Twitter , TikTok and Instagram

For more News in Johannesburg, visit joburgetc.com