Scammers use DocuSign API to send fraudulent invoices
CFOs, beware: cybercriminals are exploiting DocuSign’s legitimate business tools to deliver fraudulent invoices directly through trusted channels. This scheme is particularly dangerous …
Across the world, headlines increasingly feature shadowy hackers and devastating cybercrime. Closer to home, cyber-incidents have impacted millions of Aussies and Kiwis, including recent incidents like Dymocks, Pizza Hut and New Zealand’s largest-ever data breach in Latitude Financial.
For financial leaders, these threats can sometimes feel like they’re outside their jurisdiction, but an organisation’s financial health is intertwined with its cyber-defences. Cyber fraud attempts are getting harder and harder to detect, especially as artificial intelligence (AI) advances continue to give scammers an advantage.
Countering those growing threats requires awareness and vigilance among finance leaders. A good starting point is correcting these common myths.
Unfortunately, cybercriminals aren’t just looking for the biggest targets – they’re looking for opportunities, and that doesn’t have to involve targeting a multinational corporation with billions of dollars. In fact, small businesses tend to be more frequent victims of scams, potentially because they have fewer resources to defend themselves. The Australian Institute of Criminology (AIC) has estimated that small to medium business (SMB) owners, operators and managers are more than twice as likely to be victims of cyber scams than those at bigger companies. And, when they did fall victim, they tended to lose larger amounts of money than other victims.
Digitisation means scammers can target anyone from anywhere, and they’re constantly on the hunt for unsuspecting new targets. Additionally, technology can help scammers offset disadvantages like language barriers or time constraints. Malicious AI tools like WormGPT or FraudGPT are designed to aid illicit activity and may be trained on data that includes phishing or malware-related information.
When talking to finance leaders, it’s common to hear confidence in existing controls’ ability to thwart cybercrime. But finance teams are up against scammers who continuously look for new vulnerabilities and may even have in-depth knowledge of targets’ financial processes.
The most common vulnerability? Old-fashioned human error. Social engineering attacks like business email compromise (BEC) involve hacking into the email account of a supplier, executive or other trusted contact, then using that account to deceive accounts payable (AP) staff into making fraudulent payments.
Even if your employees closely adhere to control procedures, they may not have the resources or awareness to spot these sorts of sophisticated attacks. This will become even riskier as AI continues to make it easier for cybercriminals to create synthetic media like deepfake videos or audio.
Even in organisations with the resources for a dedicated cybersecurity team, CFOs and finance teams tend to be better placed to address cybercrimes like digital payment fraud.
Although IT and security teams are responsible for protecting systems and data, they can’t singlehandedly stop AP employees from, say, making a fraudulent payment after a scammer infiltrates a trusted supplier’s email account. By contrast, finance leaders have a clearer picture of their anti-fraud controls and any risky gaps.
So what can finance teams do to safeguard their organisations against cyber fraud? It starts with ensuring you’ve got the right people, processes and technology.
Note: this is a modified version of an article originally published in the NZ Herald.
CFOs, beware: cybercriminals are exploiting DocuSign’s legitimate business tools to deliver fraudulent invoices directly through trusted channels. This scheme is particularly dangerous …
Because LinkedIn is used as a professional networking platform, account holders don’t use the same caution as they would on Facebook or …
Fraud is usually associated with deception, manipulation, and crime, but what many people don’t realize is that not all scams are illegal. …
Eftsure provides continuous control monitoring to protect your eft payments. Our multi-factor verification approach protects your organisation from financial loss due to cybercrime, fraud and error.