All the news, tactics and scams for finance leaders to know about in November 2023.
Payment Security 101
Learn about payment fraud and how to prevent it
Each month, the team at Eftsure monitors the headlines for the latest Accounts Payable security news. We bring you all the essential learnings, so your Accounts Payable team can stay secure.
A long-awaited code requiring telcos to step up their fight against SMS scams is now in force.
The “Reducing Scam Calls and Scam Short Messages Code” requires telecommunications companies to identify, trace, and block SMS scams.
The new code, developed following extensive industry consultations, is now being enforced by industry regulator, the Australian Communications and Media Authority (ACMA).
“SMS scams can be highly sophisticated and have devastating financial and emotional impacts for victims,” ACMA chair Nerida O’Loughlin said.
A recent report from Scamwatch highlights this trend. Between 1 January 2021 and 19 September 2021, Australians lost over $63.6 million due to phone call scams. In dollar terms, this represents almost one third of all scams reported to Scamwatch during the period.
Sophisticated cyber criminals have the ability to spoof legitimate phone numbers. This technique has been used by fraudsters to deceive Accounts Payable teams into thinking their company’s CEO or CFO is sending them instructions to process payments.
Despite efforts to block scam SMS messages, AP teams should never assume that a phone or SMS message is legitimate. A call-back should always be initiated before any payments are processed to verify the authenticity of the message.
Industry body, CA ANC (Chartered Accountants – Australia New Zealand) is stepping up to assist small and medium businesses in their fight against cyber-crime.
Its new cyber-security hub aims to help SMEs prevent, prepare for – and if it happens – recover from cyber-attacks.
“Attempted robbery, blackmail and fraud have always been a big issue for small businesses, but these days criminals are trying to get in via the laptop rather than the back door,” said Ainslie van Onselen, CEO of CA ANZ.
“When it comes to cyber-crime, it’s a matter of when, not if, someone will try something against your business.”
CA ANZ’s new cyber-security hub will help SMEs assess risk and create a cyber plan, focusing on:
This important new initiative from CA ANZ promises to be a significant help for many SMEs. However, given that Business Email Compromise is the most prevalent type of cyber-crime, any cyber-security planning should also include specific measures to mitigate the risk of misdirected payments.
Scammers never rest on their laurels. Now researchers are seeing them resort to a new type of attack technique – voice-based phishing attacks known as “vishing.”
In this attack vector, scammers send false invoices via email. In the email, the scammers falsely claim that a credit card has been charged for a fictitious purchase order (PO). The email recipient is instructed to call a phone number should they wish to dispute the charge.
Once the target calls, they are asked for bank account information, login credentials, or other personally identifiable information.
The scammers are known to impersonate major IT companies including Amazon, Apple, PayPal, and McAfee in their emails. They are known to use the QuickBooks’ free 30-day trial offer to set up fake accounts from which to send the fraudulent emails, thereby evading most detection tools.
To prevent falling victim to such scams, it’s critical to independently source any phone number for any organisation you need to call in order to verify any transactions. Never rely on phone numbers contained in emails, as the email may not be legitimate.
The cost of global online payment fraud is expected to soar to over $343 Billion over the next five years, according to a recent report by Juniper Research.
Online payment fraud attacks can include phishing, Business Email Compromise and socially engineered fraud.
According to the report, online payment fraud losses are being driven by fraudster innovation in areas such as account takeover fraud, where a user’s account is hijacked. This is despite the wide employment of identity verification measures.
The research found that in order to combat rising fraud, organisations must implement the right mix of verification tools. A defence-in-depth approach, in which multiple layers of security controls are in place, remains the best strategy for protecting your organisation.
With cybercrime on the rise, it’s critical to know what finance leaders are (and aren’t) doing to protect their organisations from digital …
Eftsure provides continuous control monitoring to protect your eft payments. Our multi-factor verification approach protects your organisation from financial loss due to cybercrime, fraud and error.