Scammers use DocuSign API to send fraudulent invoices
CFOs, beware: cybercriminals are exploiting DocuSign’s legitimate business tools to deliver fraudulent invoices directly through trusted channels. This scheme is particularly dangerous …
The overall population saw a decline in financial losses due to scams in 2023, but Australian businesses are facing greater losses, with false billing scams increasing across the board, according to the ACCC’s latest report.
While reported losses to the overall Australian population are down 13.1% to $2.74 billion in 2023, the numbers for businesses paint a different picture, with reported losses of $29.5 million, a 27.2% increase from 2022.
This increase in business losses is in part due to fraudsters’ use of more sophisticated attack methods, such as false billing scams, that are catching even the most cyber-aware off guard.
Businesses lost $11.8 million through false billing scams in 2023, up 37% from 2022, with overall population losses costing $28 million, a 10.6% increase from 2022. This two-fold upward trend indicates the need for finance leaders to proactively improve their fraud detection controls.
False billing scams occur when fraudsters impersonate legitimate businesses and trick victims into sending money to the wrong bank accounts. There are several ways that fraudsters can pull off this type of attack, with fake invoices being a common weapon of choice.
A recent unfortunate false billing tale is that of a tour operator whose client sent $80,000 to a fraudster impersonating the operator’s business through fraudulent emails with slightly modified details.
The fraudster sent a fake invoice to the client, which looked like a legitimate invoice from the company but had different bank account details. Despite this discrepancy, the bank allowed the transfer to go through to an account number that didn’t match the name the account was under.
In November 2023, the Australian Banking Association announced the Scam-Safe Accord, which “sets an even higher standard of protection by banks to shield consumers from scammers” and is expected to roll out across 2024 and 2025.
Despite banks signing on to these voluntary measures, which include cross-checking account names, Australia is yet to enforce anti-scam regulation to keep industries, including finance, telecommunications, and online platforms accountable when fraud hits — a move backed by the Australian Competition and Consumer Commission (ACCC).
When a supplier’s account details or payment instructions change, verification should pass through several AP team members to ensure no payments go through without receiving multiple approvals.
Finance leaders should also aim to standardise the verification process by ensuring adequate cross-checks are in place to verify changes in details against existing information and trusted information sources.
General security awareness training is no longer enough to stop payment fraud in its tracks. Beyond deleting suspicious emails, using secure Wi-Fi networks, and switching on multi-factor authentication (MFA), your AP team needs specific expertise to detect the subtle yet critical signs of fraud. Examples of required caller skills include detecting verbal inconsistencies and knowing how to question a supplier during onboarding or when details are updated.
Verifying supplier details during onboarding isn’t an evergreen control. Your AP team must cross-check details for every payment, as fraudsters can hack seemingly legitimate systems at any stage across the payment lifecycle.
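One way to automate the per-payment cross-check and the multiple-approval rule for changed bank details described above, as an added example that is not code from this article or from any vendor. The field names, the two-approver threshold and all supplier data are constructed assumptions.

```python
# Added example: constructed data; field names and the approval threshold are assumptions.
from dataclasses import dataclass
from typing import Optional

MIN_APPROVERS = 2  # assumed policy: approvals needed from people other than the requester

@dataclass
class Supplier:
    name: str
    bsb: str
    account: str
    pending: Optional[dict] = None  # bank-detail change awaiting approval, if any

def norm(value: str) -> str:
    """Drop spaces and punctuation so '062-000' and '062000' compare equal."""
    return "".join(ch for ch in value if ch.isalnum()).upper()

def hold_reasons(payment: dict, master: dict) -> list:
    """Return the reasons to hold a payment; an empty list means release."""
    supplier = master.get(payment["supplier_id"])
    if supplier is None:
        return ["supplier not in master file"]
    reasons = []
    if norm(payment["payee_name"]) != norm(supplier.name):
        reasons.append("payee name differs from master file")
    invoiced = (norm(payment["bsb"]), norm(payment["account"]))
    if invoiced != (norm(supplier.bsb), norm(supplier.account)):
        change = supplier.pending
        if not change or invoiced != (norm(change["bsb"]), norm(change["account"])):
            reasons.append("bank details differ from master file, no change request on record")
        else:
            # The requester's own sign-off does not count as an approval.
            independent = set(change["approvers"]) - {change["requester"]}
            if len(independent) < MIN_APPROVERS:
                reasons.append("bank detail change lacks independent approvals")
    return reasons

# Constructed sample data: a verified master file and one payment run.
MASTER = {
    "S001": Supplier("Example Tours Pty Ltd", "062-000", "12345678"),
    "S002": Supplier("Sample Freight Pty Ltd", "033-001", "87654321",
                     pending={"bsb": "033-009", "account": "11112222",
                              "requester": "alice", "approvers": ["alice", "bob"]}),
}
PAYMENTS = [
    {"supplier_id": "S001", "payee_name": "Example Tours Pty Ltd", "bsb": "062000", "account": "12345678"},
    {"supplier_id": "S001", "payee_name": "Example Tours Pty Ltd", "bsb": "082-111", "account": "99990000"},
    {"supplier_id": "S002", "payee_name": "Sample Freight Pty Ltd", "bsb": "033-009", "account": "11112222"},
]

if __name__ == "__main__":
    for p in PAYMENTS:
        print(p["supplier_id"], p["account"], hold_reasons(p, MASTER) or "release")
```

The check is only as reliable as the master file, so entries in it should come from details confirmed through a trusted channel rather than from the invoice being paid.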
As businesses and individuals become more aware of signs of phishing, ransomware, and other cyber threats, fraudsters are turning to more sophisticated scam tactics. Australians face a cyberattack every six minutes. Finance leaders should ensure their teams are aware of the latest threats across the cyber landscape and aim to continuously update threat identification and mitigation processes accordingly.
Performing all the necessary cross-checks required to verify details during every payment is a time-consuming process. While a single check can be all it takes to intercept fraud, dedicating sufficient time and resources for every payment proves difficult, especially during peak times like EOFY.
Payment protection solutions, like Eftsure, eliminate the tedious manual verification process by cross-checking against a database of trusted information sources. Automating this process frees up more time for your AP team to focus on meaningful tasks while maintaining a standardised process for supplier payments.