When your contact details change, or your banking information changes, what should happen?

Further down this article is a proposal that you may adopt as your own and change to suit your requirements and situation!

What happens when your clients receive email communications that your banking details has changed and even supplies a real looking Invoice or Statement, with your logos and details, but a Fake bank Account?

TWO main methods this could ever happen:


Risks of other random people sending email as you@yourdomainname is small : All of our hosted domain names have FULL BLOCKING SPF, so any recipient email server “should not” receive email from any IP numbers not in Nkosi network. But, some ISP’s do ignore fraud checks, so anything is ultimately possible. Some domain name hosting has NO blocking or anti fraud settings (So any IP number on the planet may send email as that domain name)


Risks of YOU sending email to YOUR clients with fake banking details is larger: You/Your Staff see a link of a cool/cute dancing cat on a website and the device is compromised. (Or receive custom malware in email or social engineering or you have a new web designer in India/China/Russia/America with access to your control panel or any one of hundreds of ways to compromise your devices…) – Point is the device becomes compromised. The criminals now monitor your email, using your own passwords and also distribute custom malware throughout your organisation in order to control as many devices (and breach as many credentials) as possible. The criminals spend time learning about your money, payments, transfers and business. When the time is right, they may send your client an altered Invoice with bank details changed!

To defend/mitigate the business risks:

  • Always have documentation in place with your clients regarding payments and banking information
  • Implement strong password Policies (Change passwords every 30/60/90 days)
  • Implement healthy anti-malware and regular interval full scanning habits for all staff and all devices
  • Implement/Use reliable PAID (not free) anti-malware software
  • Implement healthy security policies and rules (Do not watch dancing cats during work hours on work devices, Do not click on Links, Do not open unexpected attachments or links, Do not auto execute any type of code outside of sandbox, etc etc)

For relay outside of our network:  You already have full blocking SPF (some service providers ignore this) – Adding DKIM/DMARC for service providers that do not even implement SPF, is pointless, but could be done)

Please let me know if you have any additional suggestions!

It is very important to have guidance in place for your clients in case your contact information or banking information change

DO NOT: Simply tell your client that your details will not change DO: Tell your client how it will happen, if it ever happens

Here is an example, which you can add to your Invoices, Statements, Website, Communications, etc:

For Invoices, maybe just below: Good remain the property of XYZ until fully paid, you can add something similiar to our Nkosi Banking Details page:

When or If our banking details change:

You will receive a phone call from us
You will also receive a TEXT message

You will also receive an email from Nkosi Accounts <accounts@nkosi.co.za>
The change will be recorded on our website – So, the new account will match the details above
When you add beneficiaries, many banks have the facility to “Verify Bank Account” please do consider using that option, if available on your bank
If you are not sure or if you suspect any issues, please contact us ASAP

The Nkosi Banking Details Page is here


In cases where other servers send email as your domain name – Some domain names have little or no protection from spoofing. Some domain names allow anyone on the Internet to send email from anywhere as that domain name. Some free email services are not suited to be used for business purposes.

Actual Real Data Case Study:

A client of mine, had a very old email address: arcweld@iafrica.com (@mweb.co.za and many other email addresses would also be succeptable to FRAUD as the domains has limited or NO Security in place like BLOCK SPF, DKIM, etc) the client is ARC WELD ( https://arcweld.co.za )

When anyone sends email on the Internet, receiving email servers can do a check, to see if the IP number sending the email, has permission to send email for that domain name (ALL NKOSI Client Domains have security)

Domains like iafrica.com or absamail.co.za and tens of thousands of other domains – in my opinion, DO NOT HAVE enough security to prevent their clients to easily be defrauded.

This means that: Anyone from any Internet connected device on the planet, can send email as if they are: arcweld@iafrica.com

So, obviously arcweld@iafrica.com or anyone@absamail.co.za or anyone@anynumberofotherdomains ARE not such great email addresses to use for Accounts, Invoicing or for General Business use.

7 March 2024 : Checked the domain name iafrica.com again… It still allows anyone to send email as @iafrica.com