Accounts Payable Security Report: June 2021
Each month, the team at eftsure monitors the headlines for the latest cyber & accounts payable news. We bring you essential learnings in our Accounts Payable Security Report to help your organisation manage payments securely.
Small Businesses Vulnerable to Insider Threats
All too often, when people think about payment scams, they immediately think of attacks against large enterprises. However, when it comes to small businesses, the greatest threat often comes from a trusted insider.
Small businesses rarely have the structures or technologies in place to closely monitor outgoing cash flows in a systematic way. Instead, they usually rely on trust. Given the close relationships that often develop over time between a small business owner and their long-term staff, it’s not unusual for a trusted employee to be authorised to process the business’ EFT payments.
However, for a small business, such arrangements can be a recipe for disaster.
Even if your employee doesn’t start out with malicious intentions, all too often staff can descend into financial difficulties due to debts or gambling addictions. When this happens, an employee with too much access and insufficient oversight can find themselves compelled to defraud their employer.
This is precisely what happened to Debbie Ann Mauger, a 57-year-old real estate office manager. Over the course of three years, she stole in excess of $850,000, much of it to fund her pokies habit. By creating fake advertising invoices, she was able to regularly transfer funds to her personal bank account.
Business owner, Stephen Tickell, said he had considered Ms Mauger almost like family, and her betrayal had scarred him. “If you can’t trust such close friends, who can you trust?” he said.
This is a timely reminder for all businesses that you need to have the technology in place to monitor and track outgoing funds. Manually checking invoices and bank statements is time-consuming, but with the eftsure platform, you can easily achieve the visibility you need to ensure nobody, whether a malicious outsider or trusted insider, is siphoning off your funds.
New Push to Block Scam Phone Calls
Telstra is launching a new crackdown on scam phone calls. The telco claims it blocks about 13 million such calls per month. Among the scams being targeted by Telstra are calls where the caller ID is spoofed.
Telstra’s Asia-Pacific CISO Narelle Devine stated that “scammers are always finding new tactics,” which means it is impossible to stop scam calls entirely.
When it comes to preventing fraud against your organisation, it is important to remember the way scammers use phone calls to their advantage. We know scammers routinely masquerade as legitimate organisations, such as the tax office, in an attempt to deceive Accounts Payable (AP) teams into transferring funds to them.
We also know that scammers are calling AP staff using “deepfake” technologies. This allows the scammer to impersonate an authority figure in the organisation, such as the CEO or CFO, over the phone. The scammer then issues instructions over the call to transfer funds to their bank account.
In many of these cases, scammers are using spoofed caller ID to aid in their deception.
The important lesson for all organisations is to NEVER trust information or instructions delivered via an incoming phone call. AP teams should always independently source phone numbers and then conduct a call-back before processing any payments.
Be Aware – Attackers Move Quickly
A new report shows how quickly fraudsters move to initiate scams in the aftermath of a successful phishing attack.
All it takes is one day for phished credentials, such as login and password details for email accounts, to be verified by scammers. These details are then used to launch a range of attacks, including malware and BEC scams.
In a six-month study, researchers created 8,000 test email accounts. The login and password credentials were then submitted to known phishing sites. The researchers then monitored how quickly attempted attacks were launched using these 8,000 test email accounts.
Within 12 hours, researchers identified attempted attacks using half the test email accounts.
In one case, attackers used a compromised email account to send out more than 12,000 emails containing malware over a two-hour period to employees of real estate companies. In many other cases, attackers posed as vendors and sent fictional invoices in an attempt to collect payments.
With fraudsters moving so quickly to use phished email credentials in a wide variety of ways, the pressure is on your Accounts Payable team to ensure they are always alert to a range of threats. Having eftsure integrated into your accounting environment alleviates much of the pressure on your team. It ensures outgoing payments are verified in real time against a database comprising nearly 2 million Australian organisations. This is a highly effective way to safeguard your organisation from attackers who are rapidly trying many new tactics to defraud you.
BEC Top Concern for Banks
A new study finds that 86% of bank respondents perceive Business Email Compromise (BEC) and Authorised Push Payment (APP) fraud to be the greatest risk to their businesses over the next two years.
The study also found those reporting fraud losses due to BEC and APP nearly doubled over the last two years.
According to the study, over 50% of bank respondents realise something needs to be done to reduce this growing threat, in particular investing in technology solutions that mitigate the risk of fraud and financial crime.
Whilst it is good that banks are realising that they need to protect customers by offering better security solutions within their platforms, they find themselves with limited options. Due to their inability to cross-match data from counterparty banks, there’s only so much they can do to prevent BEC and APP fraud.
That’s where eftsure can help. Our unique approach aggregates data directly from payers, rather than relying on data from the banks. It means we are able to provide assurance to any organisation that when it is paying out funds, the banking details it is using align with the details used by other organisations to pay the same payee.
Contact eftsure today for a no-obligation demonstration on how we can safeguard your organisation from financial crime.