Much like evolution weeds out the weak, so too must criminals evolve to stay one step ahead of the rest of us.

When it comes to cars, theft and scamming can be a lucrative business, so it pays to be up to speed with the latest techniques employed by crooks.

We told you recently about the new hijacking scam that SAPS warned car dealerships and private sellers to watch out for, which was pretty simple in its execution, but this scam involves a little more complexity.

MyBroadband has now learnt of two separate incidents where an email between a dealership and a customer has been intercepted, with dire consequences for the customer.

The first of these involved the purchase of a Ford Ranger bakkie by a MyBroadband reader (incidentally, no longer the best bakkie in South Africa):

The dealership told the reader they would send the appropriate banking details for the payment via email, but this email was intercepted by a malicious party.

The banking details were altered by the scammer, and the scammer’s own bank details were sent to the reader.

It is worth noting that the email address the reader received the bank details from was not the same as the dealership employee’s real email address.

However, since the reader had never received an email from the employee before, they were unable to identify this.

At this stage, the reader made the payment, and sent proof of payment to the scammer’s account. That proof of payment was then edited by the scammer, with the bank details of the dealership inserted, before being forwarded to the dealership itself.

Essentially, the perfect crime, with neither the reader nor the dealership aware of what’s cracking. It took a few days before the dealership realised it had been duped, and the car was returned.

In the end, the dealership and the reader split the cost of the lost money, meaning the customer ended up paying 150% of the original purchase price.

A similar scam happened in December (reported on here), with the Ford Ranger again the car involved, and a sum of R380 000 going into a fraudulent account.

The dispute ended up in court. The man purchasing the Ford Ranger was found to be at fault for not verifying the account he paid the money too, and still owed the dealership the full amount for the vehicle.

That’s going to leave a mark.

According to Rudi Dicks, director of cybersecurity at CheckMark, this scam is reasonably common:

“By far the most common failure point is a weak email account,” said Dicks.

“This is usually, but not always on the victim’s side. The attackers will gain access to this mailbox, often through guessing weak, or reused passwords to the mailbox or by conducting a phishing attack and manipulating the victim into providing credentials by asking them to log into a fake webmail login page.”

“From here the attackers will monitor the mailbox, sometimes for multiple months, waiting until an invoice for a large amount is delivered into the mailbox. The attacker will immediately delete the email after saving a copy and then go to work altering the banking details.”

“They will often even change the bank used. We’ve even seen instances where attackers alter scanned documents with photo editing software,” said Dicks.

Once altered, said Dicks, the mail will be placed back into the mailbox by mailing it from a similar or spoofed address, with a “reply to” address of their choice.

From there, the con is on.

It pays to be aware of these scams, and it also pays to know what you can do to protect yourself from such attacks in the first place.

For some tips on how to prevent this type of mail fraud, read the rest of the MyBroadband article here.

[source:mybroadband]