Cape Town – Comedy and entertainment agency Goliath and Goliath suffered a loss of more than R300 000 in what appears to be a phishing scam.
The hackers are seemingly intercepting invoices and then changing banking details. The money paid over to the hackers range between R60 000 and R130 000.
The PR Bailiff, which is a subsidiary of Goliath and Goliath, has also been targeted with it losing R20 000.
Goliath and Goliath’s CEO Kate Goliath told Fin24 she was alerted to the scam in April when a client became suspicious about an invoicing query.
“She received an email with my invoice stating that the account number on the invoice was not the correct bank account number; and an alternate bank account number was provided.
“The emailer also sent numerous mails to my client demanding proof of payment. These emails were sent every two hours until the client provided payment.
Goliath said at one point over 700 mails were sent from her email account within three hours. “This is more than the allowed quota. My mails were then blocked and I could not send mails.”
She explained that the email had plain text font and requested payment or proof of payment and included the bank account details of the hackers.
The company is in the process of sending a subpoena to the bank where the funds have been transferred to after it opened a case with the police.
Goliath said she feels like she is being watched. “I am petrified. I feel violated and totally unsafe.”
Business took a knock
She added that she thinks the only way out would be to change here web domain and email service.
“I now have to move all my work and contacts. We also have been slower with our processes so it has affected my business in a bad way
An Afrihost representative told Fin24 that it strongly believes this was a case of phishing.
“We’ve done an extensive investigation and found no evidence of a breach or compromise of our systems,” the company said.
“We sincerely empathise with our client, and we understand their sense of violation, as well as the impact of their financial loss.”
Afrihost said it will work with the SA Police Services during their investigation.
Being alert of cybercrime exposures
Technology is ever changing and requires constant awareness of cybercrime exposures, said Cyber Insurance Expert at AGCS Africa Nobuhle Nkosi.
“Small and medium (SME) companies are more vulnerable than large companies to cybercrime because they do not have large budgets for IT security and do not have dedicated resources within the company to manage the risk,” she told Fin24.
Nkosi advised that SME companies raise awareness internally by training staff members to be aware of the risks associated with cybercrime, such as updating passwords regularly and not opening suspicious emails.
“[They] also need to make sure that their applications and software are updated especially for patches.”