Covid-19 is impacting Australia in ways that reveal systemic weaknesses in the national economy. Perhaps most significantly, supply chain constraints are putting unprecedented pressure on many organisations as they struggle to procure the essential inputs to maintain business operations.
One consequence of disrupted supply chains could be a rise in fraud rates as cyber-criminals seek to take advantage of organisations under pressure and struggling to maintain pre-pandemic third-party due diligence and screening.
In this blog we will explore how supply chain constraints pose a potential fraud risk to many organisations and how Accounts Payable teams can maintain essential controls despite the challenging environment.
Our position as a trading nation that is heavily reliant on the importation of manufactured goods, together with the geographical dispersion of our major population centres, makes Australia particularly vulnerable to supply chain disruptions.
On top of this, the prospect of essential goods shortages and protracted lockdowns has resulted in panic buying, a trend that has been exacerbated by scenes of empty supermarket shelves in the media.
The pandemic’s global nature means that manufacturing is being disrupted in all industrialised economies, whilst international freight times, whether by sea or air, are being severely impacted.
At the same time, Australia is confronted by a surge in infection rates due to the Omicron strain, resulting in large numbers of furloughed staff and impacting domestic logistics and transportation networks. All these factors are combining to produce severe supply chain constraints that are impacting every sector of the economy, from agriculture to construction and retail.
For organisations facing prolonged supply chain constraints, there is intense pressure to secure additional suppliers that can step in and meet demand when needed.
However, in the race to procure inputs from new suppliers, there is a risk that shortcuts will be taken around conducting supplier due diligence and third-party screening. Whenever an organisation begins onboarding a new supplier, extensive verifications should be conducted to determine whether the supplier is in good standing and meets a range of compliance standards. Whilst these standards may vary according to industry, in all cases it is essential that the supplier’s bank account information be thoroughly verified to mitigate against the risk of fraudulent EFT payments.
In what’s known as a Business Email Compromise (BEC) attack, hackers gain access to supplier email systems and manipulate invoice data. When an unsuspecting organisation pays an invoice, they inadvertently send the funds to bank accounts controlled by the attackers.
Such fraud crimes are notoriously difficult to stop, and it’s almost impossible for law enforcement to identify and catch the criminals as they are mostly located overseas.
The risk of BEC attacks to organisations is exacerbated when Accounts Payable teams lack the time or resources to undertake extensive due diligence on suppliers. In circumstances where the pressure is on to hurriedly onboard unvetted suppliers, and invoice processing is expedited in an attempt to procure essential goods rapidly, cyber-criminals have more opportunities to successfully carry out BEC attacks without getting caught.
In fact, the Australian Cyber Security Centre (ACSC) reports in its Annual Cyber Threat Report 2020-2021 that BEC rates are increasing faster than any other type of cyber-attack. Last financial year saw over 4,600 BEC incidents reported to the agency, with total losses exceeding $81.5 million. Concerningly, this is a 15% increase on the previous year. Of even greater concern is the average amount lost in a successful BEC attack, which rose a whopping 54% to $50,600 over the previous year.
Despite the pressures on organisations to rapidly onboard new suppliers in response to supply chain constraints, it’s critical that they not take shortcuts when it comes to conducting third-party due diligence and screening.
Verifying bank account data is a critical control that cannot be neglected. The risk of financial fraud is too great when Accounts Payable teams fail to undertake essential activities such as call-backs or 3-way invoice matching. With BEC attacks rising rapidly, it’s only a matter of time before cyber-attackers target an organisation. Unless the Accounts Payable team is adhering to best-practice supplier due diligence and screening, the organisation could find itself the victim of a major fraud event.
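A minimal sketch of these pre-payment controls, added here as an illustration and not taken from any vendor's product: each outgoing payment is compared with bank details confirmed by call-back and put through a 3-way match before release. The supplier record, field names and hold reasons are constructed assumptions.

```python
import re
from dataclasses import dataclass
from decimal import Decimal
from typing import Optional


def norm(value: str) -> str:
    """Drop spaces, hyphens and other separators so '123-456' == '123456'."""
    return re.sub(r"\D", "", value)


@dataclass(frozen=True)
class Payment:
    abn: str                             # supplier identifier on the invoice
    bsb: str                             # bank details as printed on the invoice
    account: str
    invoice_amount: Decimal
    po_amount: Optional[Decimal]         # purchase order total, None if no PO
    received_amount: Optional[Decimal]   # value of goods receipted, None if none


# Constructed sample: bank details confirmed by call-back, keyed by ABN.
VERIFIED = {"11111111111": ("123456", "00012345")}


def review(p: Payment, verified=VERIFIED) -> list:
    """Return the reasons to hold a payment; an empty list means release."""
    holds = []
    record = verified.get(norm(p.abn))
    if record is None:
        holds.append("supplier not verified")
    elif (norm(p.bsb), norm(p.account)) != record:
        # Typical BEC signature: known supplier, new bank account.
        holds.append("bank details differ from verified record")
    # 3-way match: invoice against purchase order and goods receipt.
    if p.po_amount is None or p.received_amount is None:
        holds.append("missing PO or goods receipt")
    elif not (p.invoice_amount == p.po_amount == p.received_amount):
        holds.append("3-way match failed")
    return holds


if __name__ == "__main__":
    d = Decimal
    batch = [  # constructed payments
        Payment("11 111 111 111", "123-456", "0001 2345", d("1000"), d("1000"), d("1000")),
        Payment("11 111 111 111", "654-321", "9999 8888", d("1000"), d("1000"), d("1000")),
    ]
    for p in batch:
        print(p.account, review(p) or "release")
```

A payment with any hold reason stays out of the EFT file until someone resolves it through a call-back to a phone number obtained independently of the invoice.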
Eftsure helps organisations of all sizes mitigate the risk of BEC attacks with our proprietary database comprising over 2 million Australian organisations. With eftsure sitting on top of an organisation’s accounting systems, all outgoing EFT payments are verified in real-time, immediately prior to processing against the database. Any payments that do not match are immediately flagged, pending further investigation. This helps significantly reduce the opportunities for cyber-criminals to manipulate invoice data for financial gain.
With eftsure, it is possible for busy Accounts Payable teams to verify supplier data continuously and automatically, thereby reducing manual workloads. Best of all, eftsure enables the onboarding of new suppliers securely and efficiently, which is critical at a time of severe supply chain constraints.
Contact us today for a full demonstration of how organisations across Australia are addressing supply chain challenges with eftsure.