Business Law, Erasmus & Associates, Intellectual Property

When Criminals Impersonate Your Business | Yolandi Erasmus

Posted on by Yolandi Erasmus
When Criminals Impersonate Your Business
19
Jan

When Criminals Impersonate Your Business

Cybercriminals are becoming increasingly sophisticated in the way they exploit trusted business identities. One of the fastest-growing threats facing South African companies is domain impersonation and fraudulent email schemes where criminals register a look-alike domain and use it to pose as a legitimate company in order to secure credit, place false orders, or extract payments.

Recently, EAI Law assisted a national client that became the target of a highly coordinated impersonation attack. The matter highlights how easily this type of fraud can occur and how quickly it must be addressed.

Fraudsters registered a domain name that closely resembled our client’s legitimate business domain. Using this fake domain, they created email addresses that appeared authentic to suppliers and business partners.

From these addresses, the criminals:

  • Sent fraudulent credit applications pretending to represent a legitimate distribution operation.
  • Circulated forged identity documents using stolen personal information.
  • Submitted falsified company registration details, signatures, and supporting documents.
  • Attempted to open credit facilities and place orders under false pretences.
  • Used variations of the company’s identity to increase credibility and avoid detection.

Because the emails and documents looked professional and believable, suppliers were at real risk of granting credit or releasing goods before the fraud was detected.

This type of impersonation can expose businesses and their trading partners to significant financial loss, reputational damage, operational disruption, and data privacy risk.

EAI Law acted swiftly to contain the threat and protect the client and its commercial ecosystem.

Our intervention included:

Immediate Takedown Action

We issued a formal takedown notice to the hosting provider requesting:

  • Immediate suspension of the fraudulent email account and hosting services.
  • Blocking of outgoing communications to prevent further victimisation.
  • Preservation of server logs and account information for law enforcement purposes.
  • Written confirmation of the suspension.

This action was supported by a statutory takedown notice under the Electronic Communications and Transactions Act, together with evidence including fraudulent emails and proof of impersonation.

The conduct constituted:

  • Common law fraud.
  • Criminal offences under the Electronic Communications and Transactions Act.
  • Breach of hosting provider acceptable use policies.
  • Unlawful impersonation and misrepresentation.

Parallel criminal reporting processes were initiated to ensure formal investigation and evidence preservation.

Stakeholder Protection

The affected client issued urgent alerts to suppliers and internal teams to prevent further exposure and ensure rapid verification of any suspicious communications. This helped minimise potential downstream losses and reputational harm.

 

How to Prevent Domain and Email Impersonation Fraud

Every growing business should implement layered protection legally, operationally, and technologically.

  1. Secure Your Digital Identity
  • Register common domain variations of your brand name.
  • Monitor domain registrations linked to your business name.
  • Use strong email authentication (SPF, DKIM, DMARC).
  1. Train Staff and Suppliers
  • Educate teams to question unusual payment or credit requests.
  • Encourage verification of any changes in banking or contact details.
  • Never rely on email alone for approvals.
  1. Strengthen Internal Governance
  • Implement written verification procedures for credit approvals and supplier onboarding.
  • Maintain controlled document access and approval workflows.
  • Regularly audit compliance and risk exposure.
  1. Have a Legal Incident Response Plan
  • Know who to contact immediately if fraud is suspected.
  • Maintain template takedown notices and reporting protocols.
  • Preserve evidence from the outset.

 

What to Do If You Suspect This Type of Fraud

If your business encounters suspicious emails, fake documentation, or unusual credit requests:

  1. Do not engage with the sender.
  2. Preserve all evidence (emails, headers, attachments, IP data).
  3. Notify your legal advisors immediately.
  4. Request urgent domain and hosting suspension.
  5. Report the matter to SAPS and relevant cybercrime units.
  6. Alert affected stakeholders and suppliers.

Speed matters. The longer fraudulent accounts remain active, the greater the potential damage.

 

EAI Law Supports Businesses in Fraud Incidents as an outsourced legal advisory partner for growing companies.

EAI Law provides:

  • Rapid incident response and takedown enforcement
  • Regulatory and criminal reporting guidance
  • Evidence preservation and legal compliance
  • Risk mitigation strategies
  • Governance and digital risk frameworks
  • Ongoing legal operational support

We don’t simply react to crises, we help businesses build resilient legal systems that prevent exposure before it escalates.

Domain and email impersonation fraud is no longer a rare event, it is an active and evolving threat against South African businesses of all sizes. The businesses that respond fastest, with the right legal and operational support, are the ones that limit damage and protect trust.

If your organisation would like to strengthen its fraud readiness, digital governance, or legal risk controls, EAI Law is ready to partner with you.

📞 012 345 1407
✉️ office@eailaw.co.za
🌐 www.eailaw.co.za

LinkedIn

 

Yolandi Erasmus

Leave a Reply

Your email address will not be published. Required fields are marked *

Chat to EAI Law