Scammers use DocuSign API to send fraudulent invoices
CFOs, beware: cybercriminals are exploiting DocuSign’s legitimate business tools to deliver fraudulent invoices directly through trusted channels. This scheme is particularly dangerous …
Business Email Compromise (BEC) — where hackers steal the login details of people in supplier/vendor organisations to issue fake invoices or change bank detail requests — is becoming a major issue for local companies.
The scam was used by a Lithuanian hacker to trick Facebook and Google into handing over $172m between 2013 and 2015.
The hacker, Evaldas Rimasauskas, sent fake invoices to employees of the two tech giants that appeared to be from a major Taiwanese hardware maker, which was a business partner of both companies.
The invoices and bank change requests come from legitimate email addresses and often include a prior email trail of messages, lulling companies into a false sense of security.
While Google and Facebook were able to recover their losses, with Rimasauskas currently serving a five-year sentence in prison, BEC remains a serious threat to the corporate sector, according to Australian secure payments data platform EFTsure.
EFTsure’s technology verifies supplier bank account details and other compliance information before a payment is made.
According to co-founder and CEO Mike Kontorovich, BEC attacks are getting more sophisticated, with hackers targeting the supply chain to break into corporate systems.
“What we are seeing is that a big company’s partner may get their system hacked and then the cybercriminals send invoices and emails that are valid,” he said.
“The banks leave the accountability to their customers, so at the corporate level where you are paying a lot of people you wouldn’t pick up a fraudulent account immediately,” he said.
“Our financial controls aren’t quite there yet, even though digital payments are everywhere.”
EFTsure has a joint business relationship with PwC Australia, through the professional services firm’s Align program.
“We look at technology from upcoming companies and introduce them to our larger clients,” PwC partner Ross Thorpe said.
“EFTsure is solving a big problem (for) a number of our clients. Using crowd-sourcing as part of the solution is a great idea.”
Author: Supratim Adhikari, Technology Editor at The Australian
First published in The Australian on 11th February 2020