As cyber criminals confront increasingly sophisticated security controls, they are resorting to phone call scams in order to take advantage of another area of perceived weakness.

For any CFO or Accounts Payable manager, phone calls have long been used as a tactic to verify bank details when onboarding a new supplier or prior to issuing a payment. Conducting call-backs to suppliers each time they provide you new or updated banking details is one way to ensure those banking details are accurate.

But – with cyber criminals increasingly using phone calls to deceive people, can you really rely on phone calls?

Phone Call Scams on the Rise

One trend is now very clear – cyber criminals are using phone calls to carry out scams like never before.

A recent report from Scamwatch highlights this trend. Between 1 January 2021 and 19 September 2021, Australians lost over $63.6 million due to phone call scams. In dollar terms, this represents almost one third of all scams reported to Scamwatch during the period.

Out of 213,000 scams reported to Scamwatch during the reporting period, over half, or 113,000, were about phone scams.

Not only are the volumes of phone call scams increasing, the tactics cyber criminals use are more sophisticated than ever before. It is being reported that cyber criminals are calling or texting people and claiming to be from a well-known business or government agency. The goal is to deceive people into revealing personal information, including financial or banking information.

Of particular concern is the use of new technologies in carrying out these phone call deceptions. According to Scamwatch, cyber criminals are deploying ‘Flubot’ malware as part of their attack methods.

In a ‘Flubot’ attack, the cyber criminals send text messages to unsuspecting victims’ phones with a link to a fake voicemail message. Clicking the link directs the victim a webpage where they are prompted to install the malware in order to access the message.

This grants the attacker access to a range of data stored on the device, including credit card details, personal information, text messages, emails, etc.

With so many Accounts Payable staff still working from home, and many of them using their mobile devices for work purposes, such phone call scams represent a real threat to your organisation.

How to Stay Protected from Phone Call Scams

Sending malware through mobile devices isn’t the only risk associated with phone calls.

We know that cyber criminals are resorting to a number of other tactics involving phone calls as well. For example, the latest AI technologies allow individuals to impersonate another person over the phone. Known as ‘Deep Fakes,’ these can be used by attackers to impersonate your organisation’s CEO or CFO in order to trick Accounts Payable staff into making false payments.

We also know that cyber criminals are manipulating phone numbers in invoices, so when you conduct your call-back controls, you end up verifying bank account details with the very scammers who are trying to defraud you.

The lesson for any Accounts Payable team is clear: You need to be hyper-vigilant when it comes to phone calls.

  • Never trust inbound calls – it is too easy for cyber criminals to spoof a legitimate phone number.
  • Never rely on phone numbers in invoices – fraudsters are known to be manipulating these records.
  • Never click on unknown links sent via SMS – these can contain malware, giving attackers access to all the records stored on your mobile device.
  • Never follow instructions left in voicemail messages – cyber criminals are using Deep Fake technologies to impersonate others.

These are just a few of the ways in which your organisation is vulnerable to fraud and scams as a result of phone call tactics being employed by sophisticated cyber criminals.

Protecting your organisation requires a multilayered security approach incorporating people, processes and technologies.

People: Ensure your entire Accounts Payable team is aware of the threats posed by phone calls.

Processes: Ensure you have clear rules in place for how Accounts Payable staff need to handle phone calls to minimise the risks.

Technologies: Have the right tools in place to stop losses even if a cyber criminal manages to evade your other controls.

How eftsure can help you?

eftsure is a unique fraudtech solution that allows your Accounts Payable team to verify supplier banking details in real-time right as you are processing an invoice payment.

The eftsure platform sits seamlessly over your accounting processes. With easy to understand ‘green-thumb’ and ‘red-thumb’ signals, you will achieve visibility into whether others have used matching banking details when paying the same supplier.

This ensures that you are always paying a legitimate third party, even in circumstances where cyber criminals may have used tactics, such as scam phone calls, to deceive your Accounts Payable team into transferring the funds to them.

eftsure is the technology solution you need to ensure you stay secure from increasingly sophisticated scams.

Contact us today for a no-obligation demonstration of how eftsure can secure your organisation.

Subscribe to our blog

Subscribe to the eftsure blog to receive updates when we post.