Sydney hospital loses $2 million in alleged BEC fraud
A Sydney hospital lost $2M in a BEC scam. Learn how to protect your business with MFA, email authentication, and robust financial controls.
Following the massive Optus data breach, the personal information of millions of Australians could now be up for sale to the highest bidder. We are going to see an unprecedented range of finance and accounting scams in the coming months. The tactics, psychological techniques and procedures scammers use to defraud organisations will be limited only by their imaginations.
Many organisations already implement cyber security training for their staff. Ensuring staff have an understanding of phishing, the importance of strong passwords, and the need for Multi-Factor Authentication is really important. However, it is inadequate.
Scammers play sophisticated psychological tricks to fool people. Unless staff are able to get into the mindset of scammers, they will always be vulnerable to trickery and deception.
This is particularly true for accounts payable (AP) staff, who are all too often targeted by scammers due to their ability to access an organisation’s finances and bank accounts.
The first myth that absolutely must be dispelled is that only foolish people get scammed.
This is a really dangerous misconception. After all, nobody likes to think of themselves as foolish. If people believe that only foolish people fall for scams, they may assume that they could never be deceived. This could then lead to dangerous complacency – ironically making them more likely to become scam victims.
It’s important to have open and transparent communications in your organisation about scams. Those who are victims should not be made to feel ashamed or foolish. Everyone should be able to speak openly about any instances when they have been targeted, so we can all learn from each other’s experiences.
Consider setting time aside on a regular basis for your AP team to discuss and learn about real-world scams. Your team could share their personal experiences, discuss scam news they may have come across in the media, or watch videos, such as Zoom to Doom, which takes a deep dive into how one leading Australian hedge fund was scammed out of millions of dollars.
We know that a person’s level of intelligence has no bearing on whether they will be scammed. So, what character traits may point to a person being more susceptible to scams?
It appears that those of us who are trusting and agreeable may be more prone to falling victim to a scammer.
Many times, a scammer will attempt to win the trust of a potential victim by impersonating a known, trusted figure, such as their AP manager, or their organisation’s CFO. Often, agreeable staff will act swiftly to fulfil any requests they receive from a trusted authority figure.
Whilst acting swiftly may be good for productivity, it may not be good for security. Processes need to be in place that ensure staff verify any instructions or requests they receive before complying with them, particularly when those instructions or requests involve money.
Whilst scammers are always inventive, there are six main types of tricks they use to scam people:
With comprehensive policies and procedures, robust internal controls, segregation of duties and regular auditing, CFOs and AP managers can protect their organisations from most of the tricks scammers use.
However, scammers are always ingenious. They continuously look for new ways to deceive people. Is it fair to expect your AP staff to always be on the lookout for scammers? This can contribute to heightened levels of stress and reduced productivity.
Only an automated system for detecting red flags such as unauthorised outbound payments can offer the level of protection you need at a time when scams are increasingly duplicitous.
Eftsure sits on top of your existing accounting processes. Each time an outgoing payment is being processed, the transaction details will be cross-matched in real time against the Eftsure proprietary database.
Our database, comprising over 90% of actively trading Australian corporate entities, aggregates data from many thousands of independent data sources. This gives you the assurance that the funds you are transferring are legitimate and have not been manipulated in any way by sophisticated scammers.
At a time when all Australians need to be on heightened alert to the risks of scams, there’s never been a more important time to use every tool at your disposal to stay protected.
Contact us today to make Eftsure an integral weapon in your armoury against scammers.