Communication to clients regarding RSM bank accounts

 

Dear Valued RSM Client

Recently there was a court case between a large law firm and one of their clients who fell victim to cybercrime through business email compromise (BEC). The victim’s email account had been hacked and the email containing the bank details from the law firm was intercepted by a fraudster and altered to reflect the fraudster’s bank account details resulting in the funds electronically transferred by the victim being deposited in the fraudster’s bank account as opposed to the bank account of the law firm.  The email address of the fraudster looked remarkably similar to the email address of the law firm.

We would like to take this opportunity to inform you of the steps we have put in place to ensure the risk of this happening to our clients is minimised.

RSM South Africa utilises a domain encryption service, DMARC, to protect our email domains. This solution provides that our domain @rsmza.co.za cannot be hijacked. While this can give you comfort that the mails you receive from the domain @rsmza.co.za are genuine, it does not deal with situations where hackers are using similar domain names that may be confused with our domain. Should an email from RSM appear strange or unusual, please contact your engagement partner at RSM and we will gladly assist in clarifying the issue.

Additionally, we need to stress that if you receive any email saying that our bank account details have changed, to treat this as a phishing or hacking attempt, to disregard the email immediately and to contact RSM.  Again, we encourage you to contact us telephonically to verify that any bank account details we send you are correct.  

Should you have any queries, please don’t hesitate to contact me to discuss.

Regards

Alistair Maxwell
Chief Operations Officer