Scammers use DocuSign API to send fraudulent invoices
CFOs, beware: cybercriminals are exploiting DocuSign’s legitimate business tools to deliver fraudulent invoices directly through trusted channels. This scheme is particularly dangerous …
Sometimes it’s the smallest clues that hint at a potential scam. Effective fraud control and prevention demands every member of your Accounts Payable (AP) team vigilantly look out for any suspicious signs.
Luckily for one NAB Private customer, a hawkeyed Relationship Associate was on the task, preventing a $6 million fraudulent transfer.
Can you be certain your AP staff are just as alert to seemingly insignificant clues?
Payments fraud doesn’t suddenly occur erratically.
Fraud occurs when criminals meticulously plan their crimes, taking time to intensively study their target. Once they’ve managed to gain access to a target’s email system, they undertake extensive reconnaissance, identifying exploitable opportunities and communications patterns that can aid them in executing their theft.
Sophisticated scammers hone their skills over years. They know what it takes to deceive accounting staff into processing fake payment instructions. When impersonating the legitimate owner of a compromised email account, they carefully craft their messages to closely resemble the tone and style of the individual they are impersonating.
By closely scrutinising the content of emails to identify any hint of unusual or unexpected shifts in language, as well as spelling or grammatical errors, you could end up stumbling across an attempted fraud.
For Stacey, a Relationship Associated at NAB Private, facilitating large payment transfers for customers was routine. However, when one Perth businessman recently requested a $6 million transfer as part of a capital raising round, something prompted her to investigate the request further.
Stacey called the businessman, who confirmed the payment request was legitimate. However, given he was about to board a flight, he asked Stacey to verify the payment details with his accountant, which she did.
Whilst waiting for the accountant to confirm all the payment details, Stacey decided to review the email chain.
The first indication of something unusual was the word “group” had been misspelled “gruop”. On its own, that may seem like a simple typing mistake. However, Stacey also noticed slight changes in tone that hinted at something more sinister. The sender was using different greetings for each email, such as “hi” and “hello”.
On top of that, the businessman had received last minute advice that the bank account details into which he was required to deposit the $6 million had changed. Furthermore, the payment date had been brought forward.
For Stacey, these were all red flags for fraud risk indicating attempted fraud.
Upon calling the individual who was genuinely supposed to receive the $6 million, Stacey learned that he had not made any changes to his bank account or card details, nor had he brought forward the payment date.
It was clear malicious actors had infiltrated the email system and private information, using it to try and deceive the businessman into sending the funds to a bank account controlled by the fraudsters.
Fraudsters will stop at nothing in their attempts to deceive unsuspecting individuals into redirecting online payments. Increasingly, they are using highly sophisticated tactics that are almost impossible to detect. Even trained AP staff can easily miss the red flags of fraud detection!
Relying on your busy AP team to detect the slightest hints of a potential fraud will ultimately fail.
However, having Eftsure sitting on top of your accounting processes ensures you only pay intended recipients. With our unique green and red thumb indicators, you will know in real-time whether the bank account details you are using to process a payment align with the details used by others to pay the same beneficiary.
This gives your AP team assurance that they are not being defrauded when processing EFT payments.
For a full demonstration of the power of Eftsure, contact us today.
CFOs, beware: cybercriminals are exploiting DocuSign’s legitimate business tools to deliver fraudulent invoices directly through trusted channels. This scheme is particularly dangerous …
Because LinkedIn is used as a professional networking platform, account holders don’t use the same caution as they would on Facebook or …
Fraud is usually associated with deception, manipulation, and crime, but what many people don’t realize is that not all scams are illegal. …
Eftsure provides continuous control monitoring to protect your eft payments. Our multi-factor verification approach protects your organisation from financial loss due to cybercrime, fraud and error.