Sydney hospital loses $2 million in alleged BEC fraud
A Sydney hospital lost $2M in a BEC scam. Learn how to protect your business with MFA, email authentication, and robust financial controls.
A Weak Link for Accounts Payable
As cyber criminals confront increasingly sophisticated security controls, they are resorting to phone call scams in order to take advantage of another area of perceived weakness.
For any CFO or Accounts Payable manager, phone calls have long been used as a tactic to verify bank details when onboarding a new supplier or prior to issuing a payment. Conducting call-backs to suppliers each time they provide you with new or updated banking details is one way to ensure those banking details are accurate.
But – with cyber criminals increasingly using phone calls to deceive people, can you really rely on phone calls?
One trend is now very clear – cyber criminals are using phone calls to carry out scams like never before.
A recent report from Scamwatch highlights this trend. Between 1 January 2021 and 19 September 2021, Australians lost over $63.6 million due to phone call scams. In dollar terms, this represents almost one third of all scams reported to Scamwatch during the period.
Out of 213,000 scams reported to Scamwatch during the reporting period, over half, or 113,000, were phone scams.
Not only are the volumes of phone call scams increasing, the tactics cyber criminals use are more sophisticated than ever before. It is being reported that cyber criminals are calling or texting people and claiming to be from a well-known business or government agency. The goal is to deceive people into revealing personal information, including financial or banking information.
Of particular concern is the use of new technologies in carrying out these phone call deceptions. According to Scamwatch, cyber criminals are deploying ‘Flubot’ malware as part of their attack methods.
In a ‘Flubot’ attack, the cyber criminals send text messages to unsuspecting victims’ phones with a link to a fake voicemail message. Clicking the link directs the victim to a webpage where they are prompted to install the malware in order to access the message.
This grants the attacker access to a range of data stored on the device, including credit card details, personal information, text messages, emails, etc.
With so many Accounts Payable staff still working from home, and many of them using their mobile devices for work purposes, such phone call scams represent a real threat to your organisation.
Sending malware through mobile devices isn’t the only risk associated with phone calls.
We know that cyber criminals are resorting to a number of other tactics involving phone calls as well. For example, the latest AI technologies allow individuals to impersonate another person over the phone. Known as ‘Deep Fakes,’ these can be used by attackers to impersonate your organisation’s CEO or CFO in order to trick Accounts Payable staff into making false payments.
We also know that cyber criminals are manipulating phone numbers in invoices, so when you conduct your call-back controls, you end up verifying bank account details with the very scammers who are trying to defraud you.
The lesson for any Accounts Payable team is clear: You need to be hyper-vigilant when it comes to phone calls.
These are just a few of the ways in which your organisation is vulnerable to fraud and scams as a result of phone call tactics being employed by sophisticated cyber criminals.
Protecting your organisation requires a multilayered security approach incorporating people, processes and technologies.
People: Ensure your entire Accounts Payable team is aware of the threats posed by phone calls.
Processes: Ensure you have clear rules in place for how Accounts Payable staff need to handle phone calls to minimise the risks.
Technologies: Have the right tools in place to stop losses even if a cyber criminal manages to evade your other controls.
eftsure is a unique fraudtech solution that allows your Accounts Payable team to verify supplier banking details in real-time right as you are processing an invoice payment.
The eftsure platform sits seamlessly over your accounting processes. With easy-to-understand ‘green-thumb’ and ‘red-thumb’ signals, you will achieve visibility into whether others have used matching banking details when paying the same supplier.
This ensures that you are always paying a legitimate third party, even in circumstances where cyber criminals may have used tactics, such as scam phone calls, to deceive your Accounts Payable team into transferring the funds to them.
eftsure is the technology solution you need to ensure you stay secure from increasingly sophisticated scams.
Contact us today for a no-obligation demonstration of how eftsure can secure your organisation.