Cyber Brief for CFOs: October 2024
Each month, the team at Eftsure monitors the headlines for the latest accounts payable (AP) and security news. We bring you all …
Each month, the team at eftsure monitors the headlines for the latest Accounts Payable security news. We bring you all the essential learnings, so your Accounts Payable team can stay secure.
Insider fraud can manifest in many different ways.
Sometimes, those who demonstrate strong loyalty and commitment to their employer simply can’t resist the temptation of personal enrichment when, due to lax accounting controls, the opportunity arises.
That was the view expressed by Justice John Pickering upon sentencing Matthew Hanks, the former General Manager of Surf Life Saving NSW (SLS NSW), to over three years jail for defrauding the leading volunteer organisation.
“He did actually care for the organisation, he did actually have some good friends there, he did actually work very hard there, and life isn’t always as simple as black and white. Humans are complex,” said Justice Pickering.
Hanks, a 52-year old father of three, had carried out a number of frauds against his employer, including selling himself used SLS NSW vehicles at wholesale prices, which he then on-sold at retail prices, and contracting out printing work to an undisclosed company he owned, before sub-contracting out the work to cheaper printers and pocketing the difference.
However, most grievous was his manipulation of cheque details which allowed him to deposit a $121,000 government grant for a new SLS club house in Port Macquarie into his personal bank account.
Justice Pickering described as “extraordinary” the fact that the organisation’s accounting controls were so lax that they allowed Hanks to steal the government grant funds, and the fraud was not uncovered for so long.
Since being caught, Hanks has endeavoured to repay a significant amount of the defrauded funds back to SLS NSW.
The important lesson in this case is that anyone can be tempted to carry out fraud, even those with no criminal history and who are genuinely committed to their employer. No organisation should operate on trust alone. Having robust internal accounting controls in place is critical for all organisations to ensure no opportunity exists for any insider to engage in fraud or theft.
We are all aware of the risks of Business Email Compromise (BEC). Scammers gain unauthorised access to email accounts in order to redirect payments into bank accounts they control.
Now, there is a new threat emerging that exploits video conferencing technologies.
We call it: Business Video Compromise, or BVC.
According to the FBI, scammers are increasingly turning to video conferencing tools to trick unsuspecting victims into handing over money. Whether it’s Zoom, MS Teams or any other video conferencing technology, the volume of these types of scams has escalated significantly during the pandemic as a result of the shift to remote working.
According to the FBI, scammers have been using email to invite employees to participate in video conference meetings. The scammer seeks to impersonate an executive of the target organisation, such as the CEO or CFO, by inserting a still picture of the executive with no audio, or they use “deep fake” audio, and claim their video/audio is not properly working.
Once employees are in the virtual meeting, the scammers proceed to instruct them to initiate funds transfers.
The FBI makes several recommendations to protect your organisation from these types of scams:
January 2022 saw 21,110 scams reported to Scamwatch, an initiative of the Australian Competition and Consumer Commission (ACCC). That figure represents a massive 45% increase on the previous month.
Of particular concern is the spike in false billing scams being reported.
False billing scams request you or your business to pay fake invoices for supplies that you did not order. It could also be a scammer impersonating one of your suppliers, who tells you that their bank details have changed, and a payment ends up being sent to a bank account controlled by the scammer.
Whilst December 2021 saw 968 false billing reports, that figure increased to 1,251 in January 2022.
The overwhelming majority of the $2,020,876 lost through false billing scams in January occurred due to manipulated emails.
Despite this, most attempted false billing scams occurred due to fake phone calls.
This is an important reminder for all Accounts Payable teams that phone scams can be just as big a threat as email-based scams.
Read our tips on how your AP team can avoid falling victim to phone scams.
Each month, the team at Eftsure monitors the headlines for the latest accounts payable (AP) and security news. We bring you all …
Discover key insights from the OAIC report on data breaches, including the impact of human error and strategies for CFOs to protect their organisations.
Discover key trends from SXSW’s “Friend or Foe: Whose Side is AI on in the Digital Scam Wars?” and how AI is transforming both fraud prevention and execution.
Eftsure provides continuous control monitoring to protect your eft payments. Our multi-factor verification approach protects your organisation from financial loss due to cybercrime, fraud and error.