Few inputs are as widely used as steel in Australia’s critical infrastructure. Without steel, our transportation systems, energy and utilities infrastructure, as well as healthcare and educational facilities, would not exist.
The significance of steel to Australian critical infrastructure means that any disruption to our steel supply chains, from manufacturing mills through to end users in construction, heavy engineering and manufacturing, will inevitably have widespread consequences for our society and economy.
For this reason, cyber-attackers are actively targeting the steel sector. They know that any disruption to steel supply chains will be devastating, which is why many within the steel sector are taking steps to strengthen their cyber-resilience.
One key challenge facing the steel sector is cyber-fraud.
Typically, cyber-criminals compromise an organisation’s email and IT systems in order to conduct reconnaissance, monitor communications and identify opportunities to commit invoice redirection scams.
In a Business Email Compromise (BEC) attack, cyber-criminals impersonate a representative of the target organisation, such as the CEO or CFO, by issuing instructions via email to their Accounts Payable team to process a fraudulent EFT payment. In a Vendor Email Compromise (VEC) attack, cyber-criminals spoof a supplier by sending fake emails requesting that their banking details be changed.
Attackers are also known to alter banking details on invoices, or to break into ERP systems to manipulate supplier data.
In all cases, such attacks result in funds being diverted to a bank account controlled by the criminals.
According to the latest Annual Cyber Threat Report 2020-21 from the Australian Cyber Security Centre (ACSC), there were over 4,600 BEC attacks reported in Australia last year. This resulted in over $81 million in losses. Concerningly, this represents a 54 per cent increase in financial losses compared with the previous year.
For any organisation in Australia’s steel supply chain, cyber-fraud is more than simply a financial problem. Not only could your organisation face substantial losses, but cyber-fraud is often committed by the same global syndicates that regularly engage in ransomware and other types of cyber-attacks.
If your organisation is seen as vulnerable to cyber-fraud, it could indicate to cyber-attackers that your systems are also vulnerable to other attack vectors, making you more likely to be repeatedly targeted.
The resulting financial losses, as well as long-term reputational damage, can be devastating for your organisation.
There are three key measures your organisation should be focused on to prevent cyber-fraud:
1. Ensure your entire Accounts Payable team are aware that cyber-criminals are actively targeting your organisation in order to commit cyber-fraud. All staff need training in the types of attacks that are regularly being perpetrated, so they have a better understanding of the suspicious activities they need to look out for.
2. By enhancing your controls, you can improve your organisation’s ability to identify potentially fraudulent activity. Ensure you conduct call-backs with vendors when onboarding them into your ERP system, as well as every time they request a change to any of their details. Also ensure that access to vendor files is restricted to a limited number of individuals within your Accounts Payable team.
3. Using the latest technologies is critical in helping prevent cyber-fraud. The right technologies can ensure your Accounts Payable team achieves greater levels of visibility and operational efficiency.
eftsure has pioneered a unique fraudtech solution that sits on top of your existing payment systems. For organisations in the steel supply chain that process large volumes of supplier invoices, eftsure’s unique platform provides real-time visibility into the legitimacy of EFT payments via ‘green-thumb’ or ‘red-thumb’ signals. These indicate whether the banking details you are using to process an EFT payment match the details used by other companies when paying the same supplier.
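As an added illustration of the call-back and bank-detail controls described above (not eftsure's code and not part of the original article), this Python example holds any payment whose bank details differ from the vendor master, or whose vendor details were changed without a later call-back. The record layout, field names and sample data are assumptions constructed for the example.

```python
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional

@dataclass
class VendorRecord:                     # hypothetical vendor-master row
    vendor_id: str
    bsb: str
    account: str
    details_changed: date               # onboarding date or last change to details
    callback_verified: Optional[date]   # last call-back on a number already on file

@dataclass
class Payment:                          # hypothetical line in an EFT payment run
    vendor_id: str
    bsb: str
    account: str
    amount: float

def normalise(value: str) -> str:
    """Keep digits only, so '062-000' and '062000' compare equal."""
    return "".join(ch for ch in value if ch.isdigit())

def review_payment(p: Payment, master: Dict[str, VendorRecord]) -> List[str]:
    """Return the reasons a payment must be held; an empty list means release."""
    v = master.get(p.vendor_id)
    if v is None:
        return ["vendor not onboarded in vendor master"]
    reasons = []
    if (normalise(p.bsb), normalise(p.account)) != (normalise(v.bsb), normalise(v.account)):
        reasons.append("bank details on payment differ from vendor master")
    # A change made in the ERP is only trusted once a later call-back confirms it.
    if v.callback_verified is None or v.callback_verified < v.details_changed:
        reasons.append("no call-back recorded since details were last changed")
    return reasons

def hold_list(payments: List[Payment], master: Dict[str, VendorRecord]) -> Dict[int, List[str]]:
    """Map payment index -> hold reasons, for every payment that is not clean."""
    return {i: r for i, p in enumerate(payments) if (r := review_payment(p, master))}

# Constructed sample data (not real vendors or accounts).
MASTER = {
    "V001": VendorRecord("V001", "062-000", "1234 5678", date(2021, 3, 1), date(2021, 3, 2)),
    "V002": VendorRecord("V002", "033-111", "87654321", date(2021, 9, 10), date(2021, 3, 5)),
}
PAYMENTS = [
    Payment("V001", "062000", "12345678", 18500.00),   # matches verified details
    Payment("V001", "084-222", "99990000", 18500.00),  # invoice carries new details
    Payment("V002", "033111", "87654321", 7200.00),    # master changed, never re-verified
    Payment("V009", "000-000", "00000000", 950.00),    # vendor never onboarded
]

if __name__ == "__main__":
    for index, reasons in hold_list(PAYMENTS, MASTER).items():
        print(f"HOLD payment {index}: {'; '.join(reasons)}")
```

The third payment is the case a simple invoice-versus-master comparison misses: the details match the ERP, but the ERP record itself was changed after the last call-back.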
Contact eftsure today to learn how we can help mitigate your organisation’s exposure to cyber-fraud.