7 of the most common scams we are currently witnessing include:
· Phishing
Phishing is the attempt by cyber-criminals to either infect your IT systems with malicious software, or obtain confidential information from your organisation.
In a typical phishing exercise, scammers will spoof a legitimate organisation to send you fake emails.
These emails often contain dangerous links or attachments. When clicked or opened, they install malicious software, or malware, on your computer systems. Malware may install Remote Access Trojans or backdoors that grant the cyber-criminals unfettered access to all your systems and corporate data. Malware can also be wormable, spreading to other computers and facilitating data exfiltration.
Other phishing exercises may see criminals email you a link to a fake website where you need to enter confidential login and password credentials, often to online banking portals.
· Social Engineering
Social Engineering is the attempt by cyber-criminals to deceive people in your organisation into revealing confidential information that paves the way for them to initiate a scam against your organisation.
In many cases a Social Engineering attempt will see the scammers call your Accounts Payable team pretending to be a representative of one of your suppliers. They may attempt to have the supplier’s banking details updated in your ERP system. The next time you pay the supplier, the funds will be sent to a bank account controlled by the scammer.
· Business Email Compromise
The most common type of Business Email Compromise (BEC) attack we see involves scammers impersonating senior executives in victim organisations, such as the CEO or CFO.
BEC usually begins with the scammers gaining access to the executive’s email account. They then send legitimate-looking emails to Accounts Payable staff instructing them to make an urgent EFT payment.
· Vendor Email Compromise
Vendor Email Compromise (VEC) is similar to a BEC attack, except that the scammers target an organisation’s suppliers.
Once a supplier’s email systems are compromised, the scammers proceed to email all the supplier’s commercial partners with updated bank account details. A VEC attack is now preferred by many scammers as one breach paves the way to target many other organisations.
· Deepfakes
New advances in Artificial Intelligence (AI) technologies are enabling scammers to create highly realistic audio and video impersonations that are able to easily deceive most people.
By feeding a short audio or video sample of an organisation’s CEO or CFO into the latest software programs, it is possible to create a fake recording of that executive giving payment instructions to Accounts Payable staff. When unsuspecting staff hear or see a message from their CEO/CFO instructing them to process an EFT payment, there is no indication that the message is actually fake.
· Business Identity Theft
There is much coverage of individual identity theft. Scammers obtain essential information about an individual before applying for loans or credit cards in that individual’s name.
Similar tactics can be employed against an organisation.
Business Identity Theft may result in scammers stealing sensitive corporate data as a first step in committing various crimes. These may include tax fraud, applying for business loans or credit cards in the business name, holding domain names or trademarks for ransom or manipulating business registration details.
· Remote Access Scams
In these scams, someone claiming to be from an organisation’s IT department, or a representative of a third-party IT/Telco company, calls the Accounts Payable team, claiming to have identified a problem. The scammer requests remote access to the device in order to repair the fake problem.
Once the unsuspecting victim is duped into providing access to their device, the scammer will gain access to a range of applications and confidential information that can be used to defraud the victim organisation.
How eftsure can help you prevent scams
Scams are increasingly sophisticated. Blaming and shaming the victims of scams is definitely the wrong approach. It is not fair to expect Accounts Payable staff to be experts in every type of scam, especially with scammers constantly adapting their tactics to take advantage of new perceived vulnerabilities.
A much better approach is for organisations to share information with each other. This is the eftsure approach.
We aggregate banking information from over 2 million Australian organisations into a comprehensive database. This platform sits on top of your accounting processes, enabling you to check in real-time whether the supplier banking information you are using to pay an invoice was also used by other organisations when paying the same supplier.
By sharing information, every organisation benefits through an enhanced ability to thwart scammers, irrespective of any new tactics they adopt.
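The cross-check described above, sketched as an added example (this is not eftsure's code or API): a payment is released only when its bank details match what other payers have used for the same supplier, which is the control that catches the changed-details step in the Social Engineering and VEC scenarios. The supplier ids, BSB and account values, the function names and the corroboration threshold are all assumptions made for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample data: (supplier id, BSB, account number) as used by
# other organisations when paying that supplier. All values are made up.
OBSERVED = [
    ("SUP-001", "062-000", "12345678"),
    ("SUP-001", "062000", "1234 5678"),
    ("SUP-001", "062-000", "12345678"),
    ("SUP-002", "033-001", "55500011"),
]

def normalise(bsb, account):
    """Strip spaces and hyphens so formatting differences do not cause false mismatches."""
    return re.sub(r"\D", "", bsb), re.sub(r"\D", "", account)

def build_index(observations):
    """Map supplier id -> Counter of normalised (bsb, account) pairs."""
    index = defaultdict(Counter)
    for supplier, bsb, account in observations:
        index[supplier][normalise(bsb, account)] += 1
    return index

def check_payment(index, supplier, bsb, account, min_corroboration=2):
    """Classify the bank details on an outgoing payment.

    MATCH             details seen at least min_corroboration times for this supplier
    LOW_CORROBORATION details seen, but fewer times than the threshold
    MISMATCH          supplier known, but never paid at these details
    UNKNOWN_SUPPLIER  no shared data for this supplier
    """
    seen = index.get(supplier)
    if not seen:
        return "UNKNOWN_SUPPLIER"
    count = seen[normalise(bsb, account)]
    if count >= min_corroboration:
        return "MATCH"
    return "LOW_CORROBORATION" if count else "MISMATCH"

def hold_for_review(index, batch):
    """Return the payments in a batch that need manual verification before release."""
    return [p for p in batch if check_payment(index, *p) != "MATCH"]
```

Anything other than MATCH is held rather than rejected, so a supplier who has genuinely changed banks can still be paid once the new details are confirmed.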
Contact eftsure today for a full demonstration of how we can also help your organisation avoid increasingly sophisticated scams.