A Cape Town man had his retirement savings stolen after hackers gained access to an estate agent’s email account.

Cape Town man robbed of R900,000 after hackers breach estate agent email account

Petrofski Williams planned to use his nearly R1-million pension payout to buy an investment property – the rental income from which would cover his daughter’s university fees.

According to The Power Report in the Sunday Times, these plans were destroyed after fraudsters hacked into the email account of the Seeff estate agent Williams was dealing with – sending him a bank account number for the deposit for the property, which was R900,000.

According to the report, the fraudsters sent the mail from the agent’s official Seeff address – but it contained the account details of the fraudsters, and not the appointed conveyancers.

Williams reportedly phoned the estate agent from inside the bank before making the deposit, and confirmed the bank account name and number as correct before making the deposit.

He made the call as he had received three different sets of bank account details from the Seeff email address.

“When the funds didn’t arrive, a cyber forensic investigation was commissioned by the Seeff Langebaan franchise. It concluded that the agent’s e-mail account, username, and password had been compromised by an unknown party,” said the report.

“The scammers appear to be very skilled and have the knowledge to spoof e-mail accounts… [they] appear to have inside knowledge of property transactions – possibly by hacking into e-mail accounts and/or by insider information.”
Phishing attack

Forensic investigators said the agent’s laptop may have been compromised by a spear phishing attack, as they found no evidence that Seeff staff were involved in the fraud.

The agent involved “could not recall” whether she has confirmed the fraudulent bank account details over the phone, as Williams stated.

The report said Williams is in no position to fight Seeff in court, despite a bank official signing a statement confirming that Williams read out the bank account details to the estate agent over the phone.

Gillian Bolton, a forensic legal expert who is assisting Williams, said the Seeff group must shoulder responsibility in this case.

“There is the broader issue of the role and responsibilities of the Seeff group as regards the security of its IT environment, given that the agent made use of a Seeff domain name,” said Bolton.

The Power Report stated this is one of at least 11 similar cases under police investigation in Cape Town. All share the same modus operandi and are believed to be the work of the same syndicate.

The full report is available in the Sunday Times – 22 November 2015 edition