Each month, the team at Eftsure monitors the headlines for the latest accounts payable (AP) and security news. We bring you all the essential stories in our cyber brief so your team can stay secure.
Scammers are sending legitimate PayPal emails that bypass security filters, exploiting the platform’s address notification system. When adding new “gift addresses” to accounts, scammers have started including fake MacBook purchase confirmations with unauthorised phone numbers in the address fields.
These official-looking emails prompt recipients to call fake support numbers where scammers attempt to install remote access software. BleepingComputer confirmed the vulnerability by testing the address feature, which automatically sends notifications containing whatever text was entered.
Scammers tend to operate in a variety of environments – some are connected to well-funded syndicates and organisations that look and function much like legitimate businesses, while others act as rogue agents. However, some crime syndicates exploit trafficked or exploited victims to carry out their dirty work.
A recent investigation published in The Guardian sheds light on those victims, revealing the brutality of Myanmar’s notorious scam compounds. More than 260 people have escaped compounds where they say they faced electric shocks, beatings and 15-hour workdays. Victims claim they were lured by IT job promises but instead were trafficked across borders and forced to conduct online scams worth billions annually. Thailand has launched a major crackdown, with authorities claiming that 7,000 people are still awaiting rescue.
The United Nations estimates over 220,000 people are trapped in similar operations across Myanmar and Cambodia.
Australia’s new Scams Prevention Framework establishes mandatory obligations for banks, telecommunications, and digital platforms using a six-principle approach. While the government touts it as “world-leading,” consumer advocates argue it falls short by not mandating victim reimbursement. Banks favoured prevention over compensation, while regulators pushed for stronger consumer protections.
Civil penalties for non-compliance reach up to $52.7 million following the February 2025 enactment amid rising scam losses
Read more about what’s in the framework, as well as cross-sector perspectives on whether it goes far enough. And if you want our take on related debates – like the position outlined in the campaign led by news.com.au – it’s here in Accountants Daily.
Genea, one of Australia’s largest IIVF providers, recently confirmed that its patient management systems were breached during a cyber attack. The organisation is still investigating what personal information was accessed, but it has told patients that accessed data included Medicare numbers, medical records, test results and treatment information.
Despite system outages, the organisation says that its clinics continue to operate with “minimal disruption.”
Large-scale phishing attacks just got a little easier to carry out. Cybercriminals behind the Darcula phishing-as-a-service (PhaaS) platform are preparing a new version that allows users to clone any legitimate website, further minimising the expertise needed to create convincing phishing pages.
The latest version also allegedly enables fraudsters to generate phishing kits instantly and convert stolen credit card details into digital wallet-ready images.
Security firm Netcraft has detected over 95,000 new Darcula phishing domains since last year.
Chinese AI app DeepSeek is facing scrutiny over data privacy risks, with experts warning it could expose companies to cyber threats. The app’s terms state that user data is stored on Chinese servers, raising concerns about potential government access. Italy and Taiwan have banned it, while US officials say they’re still reviewing its security risks.
Microsoft and Amazon have already made the open-source reasoning model available on their platforms, but cybersecurity firms have instituted widespread company blocks and claim that there are significant risks of data leaks. While DeepSeek may not radically change the overall shape of AI-related security concerns, it’s likely another development that further accelerates existing risks.
Payment redirection scams surged 66.6% in 2024. What CFOs and finance teams need to know now to stop losses before they happen — insights from ACCC data.
Why NZ finance teams face growing payment fraud risks in 2025—and why manual controls like spreadsheets won’t protect you.
$500B in fraud? Weak payment controls expose businesses to risk. Learn what Musk & Trump uncovered—and how finance leaders can prevent financial leaks.
Eftsure provides continuous control monitoring to protect your eft payments. Our multi-factor verification approach protects your organisation from financial loss due to cybercrime, fraud and error.
