Sydney hospital loses $2 million in alleged BEC fraud
A Sydney hospital lost $2M in a BEC scam. Learn how to protect your business with MFA, email authentication, and robust financial controls.
Accounts payable fraud is becoming more rampant than in previous years. Cybercriminals are targeting organisations of all sizes with sophisticated cyber attacks. The Australian Competition & Consumer Commission (ACCC) reported in 2021 that Australian businesses lost $277 million to payment redirect scams.
The damage of accounts payable fraud is too significant for CFOs to dismiss.
The consequences of insufficient internal controls are difficult for anyone to recover from. To combat AP fraud, we explore what accounts payable fraud is, the types of AP fraud, and detection and prevention methods.
Accounts payable fraud can strike any business. The attack can come from external perpetrators or an insider threat. The intent of the attack is to deceive the accounts payable department into processing fraudulent payments.
From small to medium businesses to large enterprises, every payment must be processed through the AP department. It is essential to recognize the type of scams involved, so CFOs and accounts payable managers know what to look out for.
Accounts payable fraud can come in several forms. Below are the most common threats:
Billing schemes are designed to attack the payments system of a business. This can occur when an accounts payable staff member has issued a fraudulent payment while recording the payment as a legitimate business expense. This is also known as false invoicing.
This type of AP fraud can be hard to detect. Other forms of billing fraud can take place such as:
Similar to how a business email compromise attack is formed, master data manipulation involves an external perpetrator. The perpetrator impersonates a third-party vendor and informs the organisation that their bank details have changed.
Cybercriminals achieve this type of fraud through the use of social engineering. If the AP team does not verify the recipient, then they may be paying a fraudulent account.
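The following is an added example, not part of the original article and not Eftsure's product: a pre-payment check for the master data manipulation scenario above. It holds any payment whose account does not match the vendor master, or whose bank details changed recently without a recorded verification. The record layout, field names, 30-day window and sample data are all constructed assumptions.

```python
from datetime import date, timedelta

UNVERIFIED = "bank details changed recently without verification"
MISMATCH = "account differs from vendor master"
UNKNOWN = "vendor not in master file"

# Constructed sample data (hypothetical vendors and account numbers).
MASTER = {"V-100": "111-222 0001", "V-200": "333-444 0002", "V-400": "555-666 0004"}
CHANGES = [  # log of bank-detail changes made to the vendor master
    {"vendor": "V-100", "new_account": "111-222 0001",
     "changed_on": date(2024, 5, 1), "verified": True},
    {"vendor": "V-200", "new_account": "333-444 0002",
     "changed_on": date(2024, 5, 20), "verified": False},
]
PAYMENTS = [
    {"id": "P1", "vendor": "V-100", "account": "111-222 0001", "pay_on": date(2024, 5, 25)},
    {"id": "P2", "vendor": "V-200", "account": "333-444 0002", "pay_on": date(2024, 5, 25)},
    {"id": "P3", "vendor": "V-400", "account": "777-888 0009", "pay_on": date(2024, 5, 25)},
    {"id": "P4", "vendor": "V-400", "account": "555-666 0004", "pay_on": date(2024, 5, 25)},
    {"id": "P5", "vendor": "V-999", "account": "999-000 0005", "pay_on": date(2024, 5, 25)},
]

def review_payment(payment, master, changes, window_days=30):
    """Return a hold reason, or None if the payment may be released."""
    on_file = master.get(payment["vendor"])
    if on_file is None:
        return UNKNOWN
    if payment["account"] != on_file:
        return MISMATCH
    cutoff = payment["pay_on"] - timedelta(days=window_days)
    for change in changes:
        recent = cutoff <= change["changed_on"] <= payment["pay_on"]
        if (change["vendor"] == payment["vendor"]
                and change["new_account"] == on_file
                and recent and not change["verified"]):
            return UNVERIFIED
    return None

def review_batch(payments, master, changes, window_days=30):
    """Map payment id -> hold reason for every payment that must be held."""
    holds = {}
    for payment in payments:
        reason = review_payment(payment, master, changes, window_days)
        if reason:
            holds[payment["id"]] = reason
    return holds

if __name__ == "__main__":
    for pid, reason in review_batch(PAYMENTS, MASTER, CHANGES).items():
        print(pid, "HOLD:", reason)
```

A verified change (P1) and an unchanged vendor (P4) pass; the unverified change, the account mismatch and the unknown vendor are held for manual review.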
A kickback scheme is considered to be a form of bribery and anti-competitive conduct. In this case, an employee may conspire with a third-party vendor and deprive the organisation of money. This is achieved when the employee inflates a supplier invoice to share profits.
The employee may then be considered an “insider threat.”
Business email compromise (BEC) is a scam where cybercriminals use phishing emails to scam organisations out of money or goods. Criminals may impersonate business representatives such as the CEO or CFO to commit fraudulent activities.
According to the Australian Cyber Security Centre (ACSC), there are three types of BEC scams:
Cybercriminals use identity theft to steal your organisation’s and suppliers’ information and use it to commit other fraudulent activities or sell it on the dark web to make profits. Once the information is stolen, they may attempt to deceive your accounts payable team into making the wrong payment.
Executives should look to create and enforce policies to identify and report any form of accounts payable fraud. By assigning security roles in each department, and enabling segregation of duties, AP managers and CFOs can regularly monitor and analyse any red flags in transactions that may point to potential fraudulent activity.
AP staff who display more than one red flag should be considered “high alert” and must be monitored:
If you are a CFO or finance director, then you must incorporate prevention methods to avoid your AP department making errors or fraudulent payments.
Once your team can identify the type of threats they are faced with, they can proactively manage accounts payable threats effectively and report back. Here are several techniques to get you started:
CFOs can start strengthening internal controls by automating manual controls and removing any duplicate processes. By having these controls in place, you can safeguard your organisation’s assets to improve fraud detection and prevention.
You can start incorporating the following to reduce the risk of AP fraud:
Developing a strong anti-fraud culture will effectively help your organisation prevent, detect and respond to fraud. A positive culture will encourage accounts payable staff to work ethically as well as combat fraudulent activities.
According to the Commonwealth Fraud Prevention Centre, the five main levels of implementing an anti-fraud culture are the following:
By implementing strong internal controls, anti-fraud culture, and technology to continuously monitor fraud risk indicators, you are significantly minimizing the risk of accounts payable fraud.
Using technology has proven to be an effective way to proactively detect fraud, allowing you to investigate fraudulent payments.
Visit our quick guide for more information about how to prevent accounts payable fraud, to start incorporating prevention methods in your accounts payable team.
Your accounts payable team is faced with all types of fraud internally and externally each year. Whether they are faced with sophisticated phishing emails or are conspiring with third-party vendors, cyber crime syndicates will stop at nothing.
PwC’s Global Economic Crime and Fraud Survey 2022 shows that 46% of surveyed organisations reported experiencing some form of fraud or other economic crime within the previous 24 months. Without establishing strong internal controls and promoting anti-fraud culture in the workplace, you may fall victim to accounts payable fraud.
With Eftsure, not only are you able to identify errors, payment fraud, and scam attempts but you can also verify new onboarded suppliers and track any payment information if changed.
With our unique green and red thumb indicators, your accounts payable team can identify, in real-time, each outgoing payment and ensure it is being sent to the intended legitimate third party. This gives your AP team assurance that they are not being defrauded when processing EFT payments.
Contact Eftsure today for a full demonstration of how we can protect your organisation against accounts payable fraud.