Beware of fraudulent e-mail, sms and WhatsApp scams

07 August 2019

Santam wishes to alert consumers to a new wave of fraudulent practices by criminal syndicates using spoofed e-mails, sms’s and WhatsApp messages to intermediaries and clients. Spoofing is the act of hiding the true identity of a sender, making you think that the message comes from somebody you know.

In the first set of instances, a number of intermediaries received spoofed e-mails purporting to be from a Santam staff member. These spoofed e-mails were sent by the criminal syndicates in an attempt to manipulate intermediaries into transferring funds into a fraudulent account by leveraging Santam’s good brand and reputation in the market.

Similarly, Santam also became aware of instances where spoofed sms’s and WhatsApp messages were sent to policyholders in an attempt to obtain their bank account details.

Andre Nel, Santam Information Security Officer, says spoofing is dangerous because fraudsters know that you are more likely to trust or follow instructions from someone you know. “For example, you are more likely to open an attachment from your CEO, friend, colleague or family member because you trust them. Fraudsters research their target company’s internal relationships, activities and purchasing processes, making the e-mails, sms’s and WhatsApp messages even more convincing.

“Because they seem to come from people or an organisation you trust, they are a bit harder to spot compared to standard phishing e-mails.”

Andre shares the following tips:

  1. Don’t trust anything you haven’t expected. Always be suspicious of e-mails, sms’s and WhatsApp messages you haven’t expected, even from people you know or organisations you deal with. Be especially cautious if it asks you to open an attachment, click on a link or divulge information.
  2. For emails, verify the sender address. By clicking reply, you will see the actual e-mail address to which you will be replying. Check that this is the address you expected to be replying to.
  3. Requests for money should raise alarm bells. Always treat requests for money or sensitive information with a high degree of scepticism.
  4. Look but don’t click. Hover your mouse over any links embedded in the body of the email. If the link address looks suspicious and not like a legitimate Santam website address, don’t click on it.
  5. Spot sender inconsistency. If the tone or the purpose of the email, sms or WhatsApp is slightly out of the ordinary, like a payment-related query from an alleged Santam staff member to yourself, consider it a spoofed / phishing email, sms or WhatsApp and delete it.
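
Tips 2 and 4 can also be checked automatically on a saved message. The sketch below is an added example, not Santam's own tooling: it compares the From and Reply-To domains and each link's real destination with the address it displays. The sample message, the `insurer.example` domains and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message; every address and domain is a placeholder.
SAMPLE = """\
From: "Claims Department" <claims@insurer.example>
Reply-To: payments@insurer-claims.example
Subject: Updated banking details
Content-Type: text/html; charset="utf-8"

<p>Please confirm your details at
<a href="http://insurer.example.login.unrelated.example/pay">https://www.insurer.example/pay</a>
or read <a href="https://www.insurer.example/help">our help page</a>.</p>
"""

LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def host_of(url):
    return (urlparse(url.strip()).hostname or "").lower()

def on_domain(host, trusted):
    return host == trusted or host.endswith("." + trusted)

def check_message(raw, trusted):
    """Return (finding, value) pairs; `trusted` is the domain you expect."""
    msg = message_from_string(raw)
    findings = []
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    # Tip 2: a reply goes to Reply-To when present, not to the From address.
    reply_addr = parseaddr(msg.get("Reply-To", ""))[1].lower() or from_addr
    if not on_domain(from_addr.rpartition("@")[2], trusted):
        findings.append(("sender-off-domain", from_addr))
    if reply_addr.rpartition("@")[2] != from_addr.rpartition("@")[2]:
        findings.append(("reply-to-mismatch", reply_addr))
    # Tip 4: compare where each link really goes with what it displays.
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        html = part.get_payload(decode=True).decode("utf-8", "replace")
        for href, text in LINK_RE.findall(html):
            target = host_of(href)
            shown = host_of(text) if "://" in text else ""
            if shown and shown != target:
                findings.append(("link-text-mismatch", target))
            elif not on_domain(target, trusted):
                findings.append(("link-off-domain", target))
    return findings

if __name__ == "__main__":
    for finding in check_message(SAMPLE, "insurer.example"):
        print(finding)
```

The From header is itself set by the sender, so a message with no findings can still be spoofed; findings are reasons for suspicion, and their absence is not proof of legitimacy.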

Should you have any questions, please contact Santam’s IT security team on infosec@santam.co.za or Santam’s Forensics team on:

SA: 0860 600 767
Namibia: 0800 002 020
WhatsApp: 076 921 3347
E-mail: forensic.services@santam.co.za