
Cyber Brief for CFOs: February 2025

Shanna Hall

Each month, the team at Eftsure monitors the headlines for the latest accounts payable (AP) and security news. We bring you all the essential stories in our cyber brief so your team can stay secure.

SEC announces revamped anti-fraud unit

The US Securities and Exchange Commission (SEC) has shifted its cryptocurrency fraud unit into the Cyber and Emerging Technologies Unit (CETU), focusing more on AI-related fraud, blockchain, and other cyber-related misconduct. The move follows the Trump administration’s stated aim to reassess cryptocurrency regulation. 

Separately, officials have claimed that a government review uncovered up to $500 billion in financial mismanagement, citing weak payment controls. See our full explainer about these claims and what they might reveal about payment risks.

PayPal’s new address feature abused in phishing scams

Scammers are sending legitimate PayPal emails that bypass security filters, exploiting the platform’s address notification system. When adding new “gift addresses” to accounts, scammers have taken to including fake MacBook purchase confirmations with unauthorized phone numbers in the address fields. 

These official-looking emails prompt recipients to call fake support numbers where scammers attempt to install remote access software. BleepingComputer confirmed the vulnerability by testing the address feature, which automatically sends notifications containing whatever text was entered.

Investigation exposes brutal scam compounds in Myanmar

Scammers operate in a variety of environments: some are connected to well-funded syndicates and organizations that look and function much like legitimate businesses, while others act as rogue agents. But some crime syndicates rely on trafficked or otherwise exploited victims to carry out their dirty work.

A recent investigation published in The Guardian sheds light on those victims, revealing the brutality of Myanmar’s notorious scam compounds.

Over 260 people, including nationals from Africa and Asia, have escaped compounds where they allegedly faced electric shocks, beatings and 15-hour workdays. Victims claim they were lured by promises of IT jobs but were instead trafficked across borders and forced to conduct online scams worth billions annually. Thailand has launched a major crackdown, with authorities claiming that 7,000 people are still awaiting rescue. 

The United Nations estimates that over 220,000 people are trapped in similar operations across Myanmar and Cambodia.

Phishing-as-a-Service tool Darcula can duplicate brands’ websites in minutes

Large-scale phishing attacks just got a little easier to carry out. Cybercriminals behind the Darcula phishing-as-a-service (PhaaS) platform are preparing a new version that allows users to clone any legitimate website, further minimizing the expertise needed to create convincing phishing pages. 

The latest version also allegedly enables fraudsters to generate phishing kits instantly and convert stolen credit card details into digital wallet-ready images. 

Security firm Netcraft has detected over 95,000 new Darcula phishing domains since last year.

Nations react to DeepSeek AI and associated security concerns

Chinese AI app DeepSeek is facing scrutiny over data privacy risks, with experts warning it could expose companies to cyber threats. The app’s terms state that user data is stored on Chinese servers, raising concerns about potential government access. Italy and Taiwan have banned it, while US officials say they’re still reviewing its security risks. 

Microsoft and Amazon have already made the open-source reasoning model available on their platforms, but cybersecurity firms have instituted widespread company blocks and claim that there are significant risks of data leaks. 

While DeepSeek may not radically change the overall shape of AI-related security concerns, it’s likely another development that further accelerates existing risks.

Authorities take down Pakistan-based cybercrime network

The Federal Bureau of Investigation (FBI) and Dutch authorities have dismantled a Pakistan-based network accused of enabling large-scale fraud. This included the seizure of dozens of domains associated with selling tools for phishing, identity theft, and business email compromise (BEC) scams.

Read the full explainer and timeline.
