Cyber Brief for CFOs: November / December 2024
All the news, tactics and scams for finance leaders to know for November / December 2024.
Cybercrime is a serious problem that is rapidly growing crime in the world. It is estimated to cost the world economy $600 billion every year. One in two businesses say they have been the victim of economic crime or fraud in the past, according to a Price Water House Coopers (PwC) survey published in June 2018 of more than 7,000 organisations across the globe.
Crime Stoppers NSW are putting more effort into cybercrime to keep Australian small businesses safe. Businesses are becoming more victims of various types of cybercrime like cyber fraud and scams. The introduction of this new anti cybercrime initiative was an important event to let the Australian small business community know they are not alone in the face of threats like these.
In the PwC survey, of the respondents who considered cybercrime the most disruptive form of crime, 14% had lost $1m or more. And experts have reported that approximately 90% of cyber frauds begin with or involve an email.
In that context, eftsure, has partnered with Crime Stoppers NSW in an effort to curb cybercrime with a particular focus on one specific and fast growing aspect of cybercrime – Business Email Compromise (BEC) – a fast growing online scam putting Australian small business owners and overseas businesses at risk.
BEC is a damaging form of cyber fraud, taking advantage of a gap in payment systems and uses social engineering (social media) to dupe businesses into believing supplier bank account details have changed. This leads to them paying into the wrong credit card account. The result is devastating financial loss that is extremely difficult, if not impossible to recover.
There are few, if any, singular tools to prevent losses from BEC attacks, however eftsure, in uniquely being able to flag erroneous or fraudulent payments before they’re made, is one such tool and a powerful preventative measure.
Established in 2016 and founded by a team of banking technology and accounting professionals – Mike Kontorovich, Ian Mirels and Mark Chazan – eftsure provides specialised technology to businesses to validate the integrity of their payment data, raising an alarm before payment is made into the wrong account. To date, eftsure has protected over $3.5 billion in payments in Australia.
When running a BEC scam, fraudsters don’t attack a company directly but rather infiltrate its suppliers’ e-mail systems so that they can send what appear to be real invoices to the targeted company. The invoice is sent from a legitimate address and contains what looks to be a legitimate invoice.
However, the bank account details and personal information will have been changed. Because the banking system does not allow for account names to be checked against BSB and Account Numbers at the time of payment, companies are unknowingly making payments to the hacker’s account.
Pre-scam, employees often rely on personal details and bank statements to be correct. A better strategy, as we see with this case, is to make an employee share unnecessary banking information with co-workers or slowing down the payment process.
“The explosive growth in business payments fraud is fuelled by a perfect storm of social engineering, identity fraud and gaps in payment systems. Businesses aren’t paying who they think they’re paying”.
eftsure’s CEO, Mike Kontorovich
“No one is immune, from small business to large corporations BEC scams are hitting Australia at an alarming rate. These scams are highly sophisticated and financial software systems just can’t keep up. Once payment is made into a fraudulent account it is almost impossible to retrieve,” Mike Kontorovich said.
Firstly, stay up to date on the latest scams and ensure your employees, colleagues and trading partners are also aware.
Secondly, implement security hygiene by never sharing passwords across multiple sites or never using weak passwords.
Thirdly, establish protocols such as separation of duties and independent verification to bank details.
Finally, use new digital tools to enhance payments security such as fraud prevention and detection tools.
eftsure’s “Know Your Payee” technology works with any Australian bank and provides businesses with rich data on suppliers in real-time, raising a red flag if account details are unusual. Leading Australian companies in every major industry from schools to ASX Top 50 enterprises have already signed up for eftsure’s Know Your Payee payments protection service. It’s a small investment that could prevent thousands, if not millions in losses and offers peace of mind.
Director & CEO for Crime Stoppers (NSW), Mr Peter Price AM said, “The extent and growth of cybercrime is staggering and it is transnational by nature so in most instances the perpetrator is offshore. This makes it difficult to investigate, charge and arrest then add the complication of extradition.
With all this working against us, the clear opportunity is to equip ourselves better from becoming a victim in the first place. It makes sense for Crime Stoppers to team up with eftsure who can help prevent this crime, making businesses safer and owner operators smarter”.
“The digital world has changed the business landscape. We are solving problems that were historically unsolvable. There is now no need to be ok with the risk and error your company has previously lived with,” added Mike Kontorovich.
Crime Stoppers NSW and eftsure have embarked on an awareness campaign involving workshops, events and marketing, to prevent BEC cybercrimes before they impact Australian businesses.
By getting in touch with NSW Crime Stoppers with information about any criminal activity that you are aware of in any Australian jurisdiction, you will be of service to law enforcement. Contact crime stoppers by a free call in Australia 1800 333 000, 1800 025122, (02) 93846467 or via email.
All the news, tactics and scams for finance leaders to know for November / December 2024.
Each month, the team at Eftsure monitors the headlines for the latest accounts payable (AP) and security news. We bring you all …
Discover key insights from the OAIC report on data breaches, including the impact of human error and strategies for CFOs to protect their organisations.
Eftsure provides continuous control monitoring to protect your eft payments. Our multi-factor verification approach protects your organisation from financial loss due to cybercrime, fraud and error.