Skip to main content

    The National Minimum Wage rose to R30.23 an hour on 1 March 2026. Check your pay ->

    SiteKiln gives you plain-English information, not legal advice. If you need advice specific to your situation, talk to a qualified professional.

    Cyber and Invoice Fraud

    4 min read·Reviewed June 2026
    By SiteKiln Editorial TeamFirst published 21 Jun 2026
    Running the Business

    How this site is funded →

    The fastest-growing fraud hitting small SA contractors is invoice-redirection fraud, also called Business Email Compromise (BEC). A criminal sends your client a fake email that looks like it came from you, telling them your banking details have changed, and the client pays the wrong account. The single best defence is simple: never let banking details be changed on the strength of an email alone. Always confirm any change by phoning the other party on a number you already know, not a number in the email.‍‌​​​‌‌‌‌​​‌​​‌‌‌​​​​‌‌‌‌​​​‌​‌‌​‍

    The South African Banking Risk Information Centre (SABRIC) has flagged BEC as one of the fastest-growing financial crimes targeting SA businesses. Small contractors are hit especially hard because they typically issue invoices by email and do not have corporate-level cybersecurity.

    How the scam works

    Here is a typical case. Nico is a self-employed electrician. His client receives an email that appears to come from Nico, saying he has changed his banking details. The email address is "nico.electrical.sa" at a free webmail address, one character different from Nico's real one. The client pays R28,000 into the fraudster's account. Nico only finds out when the client asks why the invoice is still overdue.

    The mechanics are usually the same:

    • Fraudsters monitor email accounts, or quietly hack into them, to spot pending payments.
    • They send a fake email with new banking details. The sender address is very close to the real one, or the genuine account has been compromised and the email is real.
    • The victim pays the fraudster's account.
    • Recovery is very difficult, because the money is moved quickly through several accounts.

    Prevention: the practical steps

    • Never change banking details by email alone. Any change of bank details must be confirmed by a phone call to a contact number you already hold, not a number printed in the email itself. This one habit stops most of these scams.
    • Use a dedicated business email, not free webmail, and turn on two-factor authentication so a stolen password is not enough to get into your account.
    • Tell your clients up front. Put a line on every invoice: "We will never ask you to change our bank account by email only. Always phone to verify."
    • Agree a passphrase with regular clients. A simple verbal code, given over the phone, confirms a genuine bank-change request.
    • Check your email for unauthorised forwarding rules. A hacked account often silently copies all your mail to the fraudster. Look in your settings for forwarding or rules you did not set up.

    If you are already a victim

    Move fast. The sooner you act, the better the chance of stopping the money.

    • Phone your bank immediately. Recovery chances are higher when you report inside the first 72 hours, while the funds may still be traceable.
    • Report it to SAPS. Cybercrime is dealt with under the Cybercrimes Act 19 of 2020. Report at your nearest SAPS station or through the South African Police Service website.
    • Tell SABRIC. The South African Banking Risk Information Centre coordinates with banks to try to recover funds. You can reach SABRIC on 011 847 3000 or through sabric.co.za.

    An honest word on recovery: SABRIC does not publish recovery statistics for BEC and invoice fraud in SA, so nobody can promise you a number. What the evidence does suggest is that once funds have been moved, recovery rates are low. That is exactly why prevention, not recovery, is the only reliable protection.

    Common mistakes

    • Trusting an email that says the bank account has changed. Always phone first, on a known number.
    • Using free webmail for your business and never switching on two-factor authentication.
    • Ignoring strange forwarding rules in your email settings, which is often the first sign of a hacked account.
    • Waiting a day to call the bank after spotting a fraudulent payment. The first 72 hours matter most.
    • Assuming you are too small to be a target. Small contractors are targeted precisely because they invoice by email and rarely have cyber defences.

    Know someone who needs this?

    Share on WhatsApp

    How this site is funded →

    Was this guide useful?

    Didn't find what you were looking for?

    Spotted something wrong or out of date? Email us at hello@kilnguides.co.uk.

    In crisis? SADAG 0800 567 567 ·

    How this site is funded →