Supplier Fraud and Banking Detail Change Scams in South Africa

A common SME fraud pattern in South Africa is simple: an attacker intercepts email, sends "updated banking details," and your payment goes to a criminal account.

This is preventable with process discipline.

Typical Scam Pattern

Fraudster gains visibility into invoice traffic.
Fraudster sends urgent bank detail change notice.
Staff updates beneficiary details without independent verification.
Payment is processed and unrecoverable.

Mandatory Verification Workflow

Before any bank-detail change is used:

Phone verification using known historical contact (not number in email)
Dual approval for beneficiary update
Cooling-off hold (24 hours) on first payment to new details
Add beneficiary test payment where appropriate
Document verification evidence in payment file

No exceptions for urgency emails.

Red Flags

Grammar/style change in regular supplier communications
Last-minute urgency pressure
New banking details with no formal letter
Mismatch between supplier name and account name
Requests to bypass normal approval flow

Control Environment

Restrict who can create/modify beneficiaries
Enforce maker-checker approval
Monthly beneficiary change audit
MFA on all banking and email systems
Secure payment run checklist before release

Response if Payment Was Misdirected

Contact bank fraud desk immediately.
Open SAPS case and secure case number.
Notify supplier and insurer where relevant.
Preserve all email headers and logs.
Perform root-cause review and tighten controls.

Speed matters. Minutes can matter.

Disclaimer: Recovery depends on timing and bank process. Engage legal support for high-value incidents.

Supplier Fraud and Banking Detail Change Scams in South Africa

A common SME fraud pattern in South Africa is simple: an attacker intercepts email, sends "updated banking details," and your payment goes to a criminal account.

This is preventable with process discipline.

Typical Scam Pattern

Fraudster gains visibility into invoice traffic.
Fraudster sends urgent bank detail change notice.
Staff updates beneficiary details without independent verification.
Payment is processed and unrecoverable.

Mandatory Verification Workflow

Before any bank-detail change is used:

Phone verification using known historical contact (not number in email)
Dual approval for beneficiary update
Cooling-off hold (24 hours) on first payment to new details
Add beneficiary test payment where appropriate
Document verification evidence in payment file

No exceptions for urgency emails.

Red Flags

Grammar/style change in regular supplier communications
Last-minute urgency pressure
New banking details with no formal letter
Mismatch between supplier name and account name
Requests to bypass normal approval flow

Control Environment

Restrict who can create/modify beneficiaries
Enforce maker-checker approval
Monthly beneficiary change audit
MFA on all banking and email systems
Secure payment run checklist before release

Response if Payment Was Misdirected

Contact bank fraud desk immediately.
Open SAPS case and secure case number.
Notify supplier and insurer where relevant.
Preserve all email headers and logs.
Perform root-cause review and tighten controls.

Speed matters. Minutes can matter.

Disclaimer: Recovery depends on timing and bank process. Engage legal support for high-value incidents.

Theft prevention

Supplier Fraud and Banking Detail Change Scams in South Africa

Typical Scam Pattern

Mandatory Verification Workflow

Red Flags

Control Environment

Response if Payment Was Misdirected

Theft prevention

Supplier Fraud and Banking Detail Change Scams in South Africa

Typical Scam Pattern

Mandatory Verification Workflow

Red Flags

Control Environment

Response if Payment Was Misdirected