While ransomware makes headlines, a far more damaging and insidious threat is quietly draining bank accounts across Gauteng: Business Email Compromise (BEC).
Unlike ransomware, BEC rarely triggers alarms or encrypts files. It works by deception. Criminals impersonate suppliers, executives, or trusted partners to trick employees into making fraudulent payments or disclosing sensitive information. In South Africa, these attacks have become one of the most expensive cyber threats facing small and medium businesses.
According to South African Police Service reports and banking sector data, BEC losses in South Africa now run into hundreds of millions of rand annually. Many incidents go unreported because companies feel embarrassed or fear reputational damage under POPIA.
Why South African SMBs Are Perfect Targets
Several local conditions make BEC particularly effective here:
- High volume of supplier payments. Johannesburg and East Rand businesses regularly pay local and cross-border suppliers, creating many opportunities for fake invoice scams.
- Load shedding fatigue. Staff working under pressure during power outages are more likely to miss subtle red flags in urgent requests.
- Hierarchical business culture. Many employees are reluctant to question what appears to be a request from a director or senior manager.
- Heavy reliance on email. Despite the growth of Teams and WhatsApp, email remains the primary method for formal business instructions and invoices.
In our work with Bedfordview and Germiston clients, we regularly see the same pattern: a well-crafted email that looks almost identical to normal supplier correspondence, except that the banking details have been changed.
Real-World Impact
A typical BEC attack on a 25–80 employee company in Gauteng often results in losses between R180,000 and R1.2 million. One East Rand manufacturing client lost R874,000 in a single transaction after an attacker compromised a supplier's email and sent "updated banking details" for an upcoming large payment.
Even worse, many companies only discover the fraud weeks later when the real supplier follows up on the unpaid invoice. By then, recovery is extremely difficult.
Practical Defences That Actually Work
- Implement strict payment verification procedures. Never accept changed banking details via email alone. Always verify changes by phone using a number you have independently looked up.
- Enable multi-factor authentication everywhere, particularly on Microsoft 365.
- Use invoice approval workflows. Any payment above R50,000 should require dual approval.
- Deploy modern email security tools that detect domain impersonation.
- Train staff to recognise urgency as a red flag. Legitimate suppliers rarely demand immediate payment changes on a Friday afternoon.
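The verification and dual-approval rules above can be enforced as a payment release gate in the finance workflow. The sketch below is an added example, not code from the original article; the supplier record, account numbers, phone numbers and function names are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

DUAL_APPROVAL_THRESHOLD = 50_000  # rand; the article's dual-approval limit

@dataclass
class Supplier:
    bank_account: str   # account held in the vendor master
    phone_on_file: str  # number looked up independently, never taken from an email

@dataclass
class PaymentRequest:
    supplier: str
    amount: float
    bank_account: str                       # account stated on the invoice or email
    approvers: set = field(default_factory=set)
    callback_number: Optional[str] = None   # number finance actually phoned, if any

def release_blockers(req, vendor_master):
    """Return the reasons a payment must be held; an empty list means release."""
    supplier = vendor_master.get(req.supplier)
    if supplier is None:
        return ["supplier not in vendor master"]
    reasons = []
    if req.bank_account != supplier.bank_account:
        # Changed banking details: an email alone is never sufficient.
        if req.callback_number is None:
            reasons.append("bank details changed: phone verification required")
        elif req.callback_number != supplier.phone_on_file:
            # Phoning a number supplied in the same email verifies nothing.
            reasons.append("callback used a number not on file")
    if req.amount > DUAL_APPROVAL_THRESHOLD and len(req.approvers) < 2:
        reasons.append("dual approval required above R50,000")
    return reasons

# Constructed sample data (hypothetical supplier and numbers).
VENDOR_MASTER = {"Acme Steel": Supplier("ZA-000111", "+27110000001")}

if __name__ == "__main__":
    # Modelled on the "updated banking details" case described in the article.
    fraud = PaymentRequest("Acme Steel", 874_000, "ZA-999888", {"clerk"})
    for reason in release_blockers(fraud, VENDOR_MASTER):
        print("HOLD:", reason)
```

The gate still holds a request sent from a supplier's genuinely compromised mailbox, which domain impersonation filters would not flag.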
The Strategic View
The most mature businesses in the East Rand no longer treat BEC as an "IT problem." They treat it as a financial control and business process risk.
If your business regularly makes payments to suppliers, the question is not whether you will be targeted, but when.
Contact CT Bedfordview for a confidential Business Email Compromise risk assessment. We'll show you exactly where your business is vulnerable — and how to fix it before attackers exploit it.