https://www.polity.org.za
Deepening Democracy through Access to Information
Home / Legal Briefs / All Legal Briefs RSS ← Back
Africa|Business|Components|Engineering|Financial|SECURITY|Service|Technology|Operations
Africa|Business|Components|Engineering|Financial|SECURITY|Service|Technology|Operations
africa|business|components|engineering|financial|security|service|technology|operations
Close

Email this article

separate emails by commas, maximum limit of 4 addresses

Sponsored by

Close

Article Enquiry

Understanding Email Compromise and Scams: Prevention and Response

Close

Embed Video

Understanding Email Compromise and Scams: Prevention and Response

SchoemanLaw Inc

30th July 2024

ARTICLE ENQUIRY      SAVE THIS ARTICLE      EMAIL THIS ARTICLE

Font size: -+

Email compromise scams are a growing threat in the digital world. These scams can have devastating financial and reputational consequences for individuals and organisations. 

Email compromise occurs when a malicious actor gains unauthorised access to an email account. This can happen through various methods, such as phishing, malware, or social engineering. Once they have access, scammers can monitor communications, steal sensitive information, and use the compromised account to conduct further fraudulent activities.

Advertisement

Common Email Compromise Scams

Business Email Compromise:  Scammers pose as a company executive or trusted partner to trick employees into transferring funds or sharing sensitive information. 

Advertisement

Invoice Scams: Fraudsters intercept legitimate invoices and alter payment details, redirecting funds to their accounts. 

Phishing: Attackers send deceptive emails to trick recipients into revealing login credentials or other personal information. 

Spear Phishing is a more targeted form of phishing in which attackers personalise emails using information gathered from social media or other sources to increase credibility. 

Suggested prevention strategies include:

  • Enhance Email Security  
  • Educate and Train Employees  
  • Implement Robust Policies and Procedures 

Legal Framework

Email compromise scams intersect with several legal frameworks designed to protect personal information and combat cybercrime, these include:

  • Protection of Personal Information Act 4 of 2013 (“POPIA”):  POPIA governs the processing of personal information and requires organisations to implement adequate security measures to protect personal data. 
  • Electronic Communications and Transactions Act 25 of 2002 (“ECTA”):  ECTA provides legal recognition to electronic transactions and communications and outlines requirements for secure electronic communications. 
  • Cybercrimes Act 19 of 2020:  This act addresses various cybercrimes, including unauthorised access to data, cyber fraud, and phishing, providing law enforcement with tools to combat cybercrime.

What to Do If You Are Compromised

Immediate Actions 

Change Passwords:  Immediately change the passwords for the compromised account and any other accounts using the same credentials. 

Enable multifactor authentication:  If it is not already in place, enable multi-factor authentication on all accounts. 

Notify IT and Security Teams:  Inform your organisation's IT and security teams to initiate an investigation and mitigate further damage.

Contain and Assess the Damage 

Identify the Breach: Determine how the compromise occurred and what information or accounts were accessed. 

Secure Accounts: Check for any unauthorised forwarding rules or changes to email settings and revert them. 

Monitor Activity: Closely monitor accounts for suspicious activity and unauthorised access.

Inform Affected Parties 

Notify Partners and Clients: Seek advice on informing the Information Regulator. Inform any relevant partners, clients, or stakeholders about the breach and any potential impact on them. 

Report to Authorities: Seek advice on reporting the incident to the South African Police Service (SAPS) Cybercrime Unit and the Information Regulator if personal information was compromised.

Review and Improve Security Measures 

Post-Incident Analysis: Conduct a thorough review of the incident to identify vulnerabilities and areas for improvement. 

Update Security Protocols: Implement enhanced security measures based on lessons learned from the breach.

Conclusion

Email compromise scams pose a significant risk to both individuals and organisations in South Africa. By understanding the nature of these threats and taking proactive measures to prevent them, you can reduce the likelihood of falling victim. However, if a compromise does occur, swift and decisive action is crucial to mitigate damage and prevent further breaches. Regularly updating security practices and fostering a culture of awareness are key components in defending against email-based threats. By staying vigilant and informed, you can protect your digital communications and maintain the integrity of your business operations within the South African legal context. 

Written by Nicolene Schoeman-Louw; Specialist Technology, Commercial and Contract Law; SchoemanLaw Inc

 

EMAIL THIS ARTICLE      SAVE THIS ARTICLE ARTICLE ENQUIRY

To subscribe email subscriptions@creamermedia.co.za or click here
To advertise email advertising@creamermedia.co.za or click here

Comment Guidelines

About

Polity.org.za is a product of Creamer Media.
www.creamermedia.co.za

Other Creamer Media Products include:
Engineering News
Mining Weekly
Research Channel Africa

Read more

Subscriptions

We offer a variety of subscriptions to our Magazine, Website, PDF Reports and our photo library.

Subscriptions are available via the Creamer Media Store.

View store

Advertise

Advertising on Polity.org.za is an effective way to build and consolidate a company's profile among clients and prospective clients. Email advertising@creamermedia.co.za

View options

Email Registration Success

Thank you, you have successfully subscribed to one or more of Creamer Media’s email newsletters. You should start receiving the email newsletters in due course.

Our email newsletters may land in your junk or spam folder. To prevent this, kindly add newsletters@creamermedia.co.za to your address book or safe sender list. If you experience any issues with the receipt of our email newsletters, please email subscriptions@creamermedia.co.za