Johannesburg – Business email fraud is fast becoming one of the most damaging crimes affecting companies across Southern Africa, with syndicates using cloned invoices and mule accounts to siphon millions of emalangeni.
Chad Thomas of IRS Forensic Investigations explained that fraudsters intercept legitimate emails, alter invoices and change banking details before forwarding them to unsuspecting clients. “Victims pay in good faith and only later realise the funds have gone to fraudsters,” he said.
The scams often involve fake email addresses that differ from legitimate ones by a single letter or digit, making detection difficult. No industry has been spared, with cases reported in mining, manufacturing, hospitality and small businesses that rely on invoicing. 
Hotelier Paul Nissen, who owns Elizabeth Lodge in South Africa’s East Rand, said his business has lost between R11 000 and R20 000 in a single case. “We once avoided losing R100 000 by making a test payment of R200. That R200 went into a fraudulent account, but at least we saved the bigger amount,” he said. His business has since stopped printing bank details on invoices, choosing instead to share account numbers verbally or via WhatsApp for confirmation.
Investigators say fraud syndicates rely heavily on mule accounts to move money quickly. Spotters recruit unemployed people to open bank accounts and surrender the cards and PINs for a small fee. Funds are then laundered through dozens of accounts within minutes.
Banks have issued repeated warnings about such scams. Standard Bank recently flagged mule accounts, while FNB raised concerns over “agentic fraud” where artificial intelligence mimics voices during phone banking.
Nissen said some of his colleagues have lost hundreds of thousands of rand. “We reported the fraudulent accounts to the bank. They admitted knowing about them, yet weeks later the same accounts were used again,” he said.
Thomas urged banks to adopt artificial intelligence systems that can detect abnormal transactions. “If an account usually receives only Sassa grants but suddenly processes large amounts in and out, that should be a red flag,” he said.
Courts have ruled that liability for payments made into fraudulent accounts rests with the payer. “If they don’t verify the account, they carry the loss. Businesses must double check, speak directly to their creditors and avoid relying on email alone,” Thomas added.
