CAPE TOWN - Local comedy and entertainment agency, Goliath & Goliath fell victim to an email scam which saw hackers loot under R300 000 from the company.
The scam which reportedly came to light in April this year saw the company’s subsidiary, the PR Bailiff also lose R20 000.
“At the end of April, when a client called me to let me know something suspicious was going on with emails that were sent to her, she received an mail (from my email account) with my invoice stating that the account number on the invoice was not the correct bank account number and to use the alternate bank account number. The emailer (hacker) also sent numerous emails to my client (from my email address) demanding proof of payment, these emails were sent every 2 hours until client provided payment. Payments were made into the account the hackers provided”, said Goliath and Goliath CEO, Kate Goliath.
Kate said that the hackers were receiving payments which were intended for the entertainment company. They incepted emails and changed invoicing details to reflect their bank account number.
More than 700 emails were reportedly sent from Kate’s account within a matter of less than three hours and this is more than the quota that is allowed.
While clients were under the impression that they were making payments to Goliath and Goliath, these funds were in fact paid into the hackers FNB account.
What the hackers did was change the backend information and updated certain email instructions. They put filter instructions on the email account so that Goliath and Goliath would not have sight of the email correspondence.
These emails were then retrieved in Goliath and Goliath’s “trash” box.
Kate said that an investigation has been launched with Case Number CAS26/5/2018 and she is yet to ask the investigating officer to submit a subpoena to the bank to get the name of the account holder. At this point, the bank will not give the company any details on their internal investigation, she added.
“I was under the impression that FICA meant the bank was liable for identifying account holders to avoid fraud and money laundering”, said Kate.
The group said that they are in the process of buffering up their security measures and investigation other service providers.
Kate said that while FNB was helpful at first the minute they detected fraud, this becomes a police matter and they have to work with the bank.
She added that this has turned her life upside down and she is afraid to conduct her day-to-day business.
“I still feel like I am being watched and that I have no way out but to change my entire web domain and email service, I now have to move all my work, all my contacts which adds extra work and time that no one has, we also have been slower with our processes so it has affected my business in a bad way”, said Kate.
Meanwhile, Goliath and Goliath have requested Afrihost to provide details of who has logged into their account (backend). However, they said they do not keep those details for longer than 3 days. The matter now lies in the hands of the police and FNB.
- BUSINESS REPORT ONLINE