R1.2m out of pocket in offshore middle-man scam
Beware of fraudsters getting wind of your investment plans. They can do so by hacking into your e-mail or that of your financial adviser, resulting in you unwittingly paying money into a fraudster’s bank account instead of the financial services provider’s.
This happened to Durban psychologist Felicity Tonkinson late last year, when she was defrauded of R1.2-million while attempting to make an offshore investment.
Tonkinson describes the trauma of losing such a large sum of money so late in her working life as devastating. “I was not negligent with my personal information nor the safety of my computer. To be robbed of your financial security is comparable to being psychologically mugged,” she says.
Tonkinson fell for “man-in-the-middle” fraud — when a fraudster intercepts communication, usually e-mails, between you and a trusted party. The fraudster poses as one of the parties and supplies his own bank details to divert payment to himself.
In Tonkinson’s case, the fraudster, posing as her financial adviser Nando Menin of Bay Union, advised her to use alternative banking details to those originally supplied to her to make the offshore investment.
During the course of her communication with Menin about her investment, Tonkinson received an e-mail from a Gmail account in his name. In the e-mail the fraudster, posing as Menin, advised her to transfer the funds into a local bank account.
When Tonkinson realised she had been swindled, she had digital forensic expert Jason Jordaan examine her computer to establish if the breach was on her side. Jordaan found no sign of compromise on her computer. Meanwhile, Bay Union engaged its own forensic experts to investigate, but no breach in Bay Union’s systems was found.
When Bay Union asked Tonkinson to make her computer available for inspection by their experts, her lawyer, Mark Heyink, informed them that Tonkinson had already had her computer forensically investigated.
He offered her computer and her forensic expert’s report on the basis that the report commissioned by Bay Union be made available to Tonkinson.
After many letters and phone calls from Heyink to Bay Union, its insurer, iTOO, offered Tonkinson the report on condition she waive all her rights against Bay Union. When she refused, iTOO released the report on a “without prejudice” basis, meaning Tonkinson cannot use the report in legal proceedings against Bay Union.
The report reveals — despite claims by Bay Union and its insurers that Bay Union’s “systems” had not been breached — that the forensic analysis was of one laptop only.
Menin told Money that in addition to an investigation of his computer, a review of his e-mail logs was performed. Since there was no evidence that the breach was from his computer, an analysis of all computers and network infrastructure “wasn’t necessary”.
Jordaan says when cybercriminals compromise an organisation they will compromise multiple devices, one of which could have been the nexus for the interception of the data. “In this instance, Menin was not the only person within Bay Union that had knowledge of the transaction, so there are other computers that could potentially have been compromised. Significantly, no analysis was done of the server and mail infrastructure within Bay Union that could very well be compromised.”
Jordaan says the report prepared for Bay Union states simply that they “scanned for malware”, but provides no detail as to how this was done. He says the report also states that they could not find any malicious software. But there are many ways to compromise a system without using malware.
Menin says Jordaan had reviewed an “interim report”. Bay Union’s forensic experts recommended “a phased approach”, he adds. “When no breach was found on my computer, the next step would be to conduct an investigation on Ms Tonkinson’s computer, before considering the wider expansion of the investigation. Access was requested to Ms Tonkinson’s computer and M-Web webmail access,” he says.
Tonkinson’s offer to make her computer available has been on the table since November, says Heyink. He has asked only that Bay Union’s forensic experts sign a confidentiality agreement — their own or one drafted by him — owing to the sensitive nature of Tonkinson’s work. But Bay Union has yet to take up this offer.
As for the stipulations made before Bay Union would share the report, Menin says: “As per discussions with our insurers, reports are generally not provided from a legal point of view. However, given the relationship between Bay Union and Ms Tonkinson, and in order to show our willingness to assist, it was agreed to share the report on this basis.” Bay Union’s insurers have proposed that investigators from both sides meet to discuss the investigation.