Email Hackers Gets Away With $22 Million From TM Supermarkets

  • Hackers get away with $22 million
  • How to hack an email
  • How to detect and prevent email hacking

In a suspected email hacking cybercrime, TM supermarkets have lost 22 million and no one has yet been held accountable.

The retail group was frauded through an email sent to accounts staff at Steward Bank, Avondale branch on 28 January 2020 instructing them to send money to four company accounts which were systematically emptied. The email account used was in the name of TM financial manager Mr Raymond Matsetsa.

According to National police spokesperson Assistant Commission Paul Nyathi, Steward bank then acted on the instructions and transferred ZWL $10 million into a company called Simrac Investments, Leechiz (ZWL $3 million), Madzara Investment (ZWL $7 million), and Maalocka Pvt Ltd (ZWL $2 million).

Investigations are still ongoing but you may be wondering how the cybercriminals hacked Mr Mutsetsas’s email account and for the sake of preventing your account from getting hacked, I am going to take you through a technique that could have been used by the perpetrators.


There are many ways a hacker can get hold of your password and keylogging software is the easiest.

Keyloggers are a type of monitoring software designed to record keyboard strokes made by a user. These keystroke loggers record the information you type into a website or application and send it back to a third party, whether that is a criminal, law enforcement, or IT department. they can be knowingly downloaded and installed physically meaning such attacks are harder (but not impossible) to achieve with the help of an insider or unknowingly sent as malware to infect a device.

This might be your first time hearing about keyloggers but Apart from criminal activities, the application can also be used by shop owners to monitor till operator activities and by police during investigations.

We suggest keylogging could have been used because TM employees and Steward Bank insiders are suspected of being involved in the scam.
So anyone with access to Mr. Mutsetsas’s computer could have installed the software

Best practices for detecting and removing keyloggers
The advice below represents what’s generally considered the most effective steps to take to minimize the impact of unwanted keyloggers.

Keep Anti-Virus and Anti-Rootkit protection up to date

As keyloggers often come bundled with other forms of malware, discovering keylogger malware might be an indicator of a wider attack or infection. Up-to-date antivirus protection and anti-rootkit protectors will remove known keylogger malware.

Use anti-keylogger software

Dedicated anti-logger software is designed to encrypt keystrokes as well as scan for and remove known loggers and flag unusual keylogging-like behavior on the machine. Blocking root access for unauthorized applications and blacklisting is a known spyware apps will also help.

Consider virtual on-screen keyboards

Virtual onscreen keyboards reduce the chance of being keylogged as they input information in a different way to physical keyboards. This might impact user productivity, isn’t foolproof against all kinds of keystroke monitoring software, and doesn’t eliminate the cause of the problem.

Reduce sharing data with external devices

Disabling self-running files on externally connected devices such as USBs and restricting the copying of files to and from external to computers may also reduce the possibility of infection.