These allegations are contained in the charge sheet against Noluthando Skhosana and Serati Leopeng, who are also accused of illegally accessing nine FNB accounts valued at R16.9-million.
Sign up for our free daily elections email
This is where we’d usually stop you and ask you to pay to read this story, but this week M&G is free so that everyone can access the information they need in the run up to the municipal elections on 1 November. Find out more here.
According to the charge sheet, the nine accounts were allegedly accessed 31 times in one day in January last year but no money was taken from them.
Skhosana and Leopeng are standing trial on two counts each of fraud, or alternative charges of theft, as well as 31 counts of contravening the Electronic Communications and Transactions Act at the Johannesburg specialised commercial crimes court, sitting in Palmridge.
Skhosana and Leopeng are accused of having used a cyber fraud scam that involves cloning email accounts to carry out the alleged theft from both financial companies.
They have pleaded not guilty to all charges and are out on bail.
The saga, according to the National Prosecuting Authority (NPA), began on 11 November 2019 when Investec received an email purporting to be from the South African Council for the Project and Construction Management Professions (SACPCMP), which instructed Investec to pay an amount of more than R2.5-million to an FNB account.
The SACPCMP regulates project and construction management professionals on behalf of the public.
The name of the FNB account holder who allegedly received the illicit funds is known to the Mail & Guardian, but cannot be mentioned because the person is yet to be charged. The account holder is the sole director of a business, the name of which is also known to the M&G.
“On 27 November 2019, Investec received another email purporting to be from [the] SACPCMP instructing Investec to pay an amount of R3.8-million into the [FNB] banking account, [and the] instructions were honoured, reads the NPA’s charge sheet.”
“Investec later discovered that both emails were fraudulent and their computer systems were hacked into.”
A day after the R3.8-million deposit was made, FNB placed a hold on the account in question to prevent any further transactions.
But, on 22 January 2020, Skhosana allegedly lifted the hold, which allowed the business owner to “transact on the account(s) to the tune of R1 861 576.04”.
The state alleges Skhosana also logged into FNB’s computer system and “unlawfully and intentionally accessed the profiles” of the nine bank accounts. The state claims that Leopeng “provided [Skhosana] with banking details for information and deleting of holds on bank accounts”.
“The state will allege that the accused at all relevant times committed the offences in execution and furtherance of a common purpose,” the charge sheet added. “The state will also allege that the common purpose existed, at the latest, immediately prior to the commission of the offences and continued for the duration thereof.
“The accused operated in a syndicated manner.”
In its charge sheet, the state has a breakdown of all the accounts that were allegedly accessed, as well as the potential money that account holders stood to lose had the funds been channelled out of the bank.
One FNB client, whose name is known to the M&G, had his account accessed seven times and stood to lose more than R11.7-million had the money been siphoned out.
Two other accounts were also above the million-rand mark, with one being more than R1.9-million and the other R1.4-million.
The other amounts were R620 879, R395 616.59, R303 199.92, R266 990.87, R132 641.4, and R40 425.15, the last amount belonging to a social club in the affluent northern Johannesburg suburbs.
The interception of emails to commit fraud is known as the “business email compromise” scam, which mainly targets large property transactions.
In a statement to the M&G, FNB’s head of risk Nadiah Maharaj said the company was cooperating with the prosecution team in the case against two of its former employees, and maintained a “zero-tolerance approach against illegal behaviour”.
“The Bank firmly believes that it has a moral and legal obligation to ensure that acts of financial crime are prosecuted to the fullest extent of the law. We view such incidents in a serious light and continue to take the necessary measures to improve the detection and prevention of fraud,” Maharaj said.
In a statement to the M&G, Investec said: “Investec would like to put on the record that its systems were not breached. Investec has recovered most of the funds that were incorrectly paid following the fraudulent emails received from the South African Council for the Project and Construction Management Professions.”