In what appears to be a Business Email Compromise (BEC) scam, email hackers defrauded TM Supermarkets of a massive $22 million.
According to the police, as yet unidentified hackers sent emailed instructions to the retail group’s bank, Steward Bank instructing the financial institution to transfer money to four accounts that the fraudsters controlled.
The hackers are alleged to have created an email that appeared to come from TM Supermarkets’ financial manager Mr Raymond Matsetsa on January 28, 2021. The email which was sent to Steward Bank’s Avondale branch instructed the bank to transfer the money as follows: $10 million to a company called Simrac Investments, $3 million to a company called Leechiz, $7 million to a company called Madzara Investment, and $2 million to a company called Maalocka Pvt Ltd.
The bank complied with the emailed instructions and transferred the money to the four accounts. The accounts were emptied after the money was transferred.
TM Supermarkets only discovered the fraudulent transactiond on March 3. The financial manager disputed the email saying that it was doctored. Following investigations, the police have since arrested one person, Tonderai Chagweda, suspected of involvement in the hacking and the fraud.
The police suspect that employees from both TM Supermarkets and Steward Bank are involved in the email fraud scam. National police spokesperson Assistant Commissioner Paul Nyathi also said that the police suspect that this could be the work of a syndicate which is targeting large corporations.
“We are conducting investigations into the matter.
“We are also appealing to members of the public with information to come forward and assist the police to arrest other suspects involved in the crime.”
Chagweda’s lawyer Charity Tawanda of Tawanda Law Practice disputed that her client was connected to the crime in any way. Speaking to The Chronicle, she said,
“My client neither works for TM or Steward Bank nor was any of the alleged sums transferred to him,”
What Is A Business Email Compromise (BEC) scam?
Business Email Compromise is a type of scam targeting businesses ranging from small-sized enterprises to multinational corporations.
Scammers typically single out high-level executives, usually the CEO, CFO, or COand The corporate or publicly available email accounts of high-level employees who work in the finance department or are involved with wire transfer payments are either spoofed or compromised through keyloggers or phishing attacks.
After gaining control of the email accounts, the hackers authorize the transfer of money that will largely end up in accounts they control.
While rare in Zimbabwe, BEC scams have been carried out all over the world, mainly by Nigerian scammers. Last year, Nigerian citizen, Olalekan Jacob Ponle, who also went by the name Mr Woodbery, was arrested on June 10, 2020, in Dubai for allegedly stealing US$15.2 million in a scam targeting a Chicago-based company. He was extradited to the United States for trial.
Nigerian Instagram celebrity Ramon Olorunwa Abbas, commonly known as Hushpuppi, was also arrested in Dubai and extradited to the United States to face criminal charges of conspiring to launder hundreds of millions of dollars from “business email compromise” (BEC) frauds and other scams.
Paul Delacourt, the assistant director in charge of the FBI’s Los Angeles Field Office, claimed that the FBI recorded $1.7 billion lost to BEC schemes in 2019.