Email compromise scams are a growing threat in the digital world. These scams can have devastating financial and reputational consequences for individuals and organisations. 

Email compromise occurs when a malicious actor gains unauthorised access to an email account. This can happen through various methods, such as phishing, malware, or social engineering. Once they have access, scammers can monitor communications, steal sensitive information, and use the compromised account to conduct further fraudulent activities.

Common Email Compromise Scams

Business Email Compromise:  Scammers pose as a company executive or trusted partner to trick employees into transferring funds or sharing sensitive information. 

Invoice Scams: Fraudsters intercept legitimate invoices and alter payment details, redirecting funds to their accounts. 

Phishing: Attackers send deceptive emails to trick recipients into revealing login credentials or other personal information. 

Spear Phishing is a more targeted form of phishing in which attackers personalise emails using information gathered from social media or other sources to increase credibility. 

Suggested prevention strategies include:

• Enhance Email Security  
• Educate and Train Employees  
• Implement Robust Policies and Procedures 

Legal Framework

Email compromise scams intersect with several legal frameworks designed to protect personal information and combat cybercrime, these include:

• Protection of Personal Information Act 4 of 2013 (“POPIA”):  POPIA governs the processing of personal information and requires organisations to implement adequate security measures to protect personal data. 
• Electronic Communications and Transactions Act 25 of 2002 (“ECTA”):  ECTA provides legal recognition to electronic transactions and communications and outlines requirements for secure electronic communications. 
• Cybercrimes Act 19 of 2020:  This act addresses various cybercrimes, including unauthorised access to data, cyber fraud, and phishing, providing law enforcement with tools to combat cybercrime.

What to Do If You Are Compromised

Immediate Actions 

Change Passwords:  Immediately change the passwords for the compromised account and any other accounts using the same credentials. 

Enable multifactor authentication:  If it is not already in place, enable multi-factor authentication on all accounts. 

Notify IT and Security Teams:  Inform your organisation's IT and security teams to initiate an investigation and mitigate further damage.

Contain and Assess the Damage 

Identify the Breach: Determine how the compromise occurred and what information or accounts were accessed. 

Secure Accounts: Check for any unauthorised forwarding rules or changes to email settings and revert them. 

Monitor Activity: Closely monitor accounts for suspicious activity and unauthorised access.

Inform Affected Parties 

Notify Partners and Clients: Seek advice on informing the Information Regulator. Inform any relevant partners, clients, or stakeholders about the breach and any potential impact on them. 

Report to Authorities: Seek advice on reporting the incident to the South African Police Service (SAPS) Cybercrime Unit and the Information Regulator if personal information was compromised.

Review and Improve Security Measures 

Post-Incident Analysis: Conduct a thorough review of the incident to identify vulnerabilities and areas for improvement. 

Update Security Protocols: Implement enhanced security measures based on lessons learned from the breach.

Conclusion

Email compromise scams pose a significant risk to both individuals and organisations in South Africa. By understanding the nature of these threats and taking proactive measures to prevent them, you can reduce the likelihood of falling victim. However, if a compromise does occur, swift and decisive action is crucial to mitigate damage and prevent further breaches. Regularly updating security practices and fostering a culture of awareness are key components in defending against email-based threats. By staying vigilant and informed, you can protect your digital communications and maintain the integrity of your business operations within the South African legal context. 

Written by Nicolene Schoeman-Louw; Specialist Technology, Commercial and Contract Law; SchoemanLaw Inc