Online invoice scammers are targeting Australian companies

Business Email Compromise (BEC): A Growing Threat

Business Email Compromise (BEC) is becoming a major issue for local companies. This form of cybercrime involves hackers stealing login details from supplier or vendor organizations to issue fake invoices or change bank detail requests.

One notable case involved a Lithuanian hacker who tricked Facebook and Google into handing over $172 million between 2013 and 2015. The hacker, Evaldas Rimasauskas, sent fake invoices to employees of the two tech giants that appeared to be from a major Taiwanese hardware maker, a business partner of both companies.

The invoices and bank change requests often come from legitimate email addresses and include a prior email trail of messages, lulling companies into a false sense of security. Although Google and Facebook were able to recover their losses, with Rimasauskas currently serving a five-year sentence, BEC remains a serious threat to the corporate sector, according to Australian secure payments data platform Eftsure.

Eftsure's Role in Combating BEC

Eftsure's technology verifies supplier bank account details and other compliance information before a payment is made. According to co-founder and CEO Mike Kontorovich, BEC attacks are becoming more sophisticated, with hackers targeting the supply chain to infiltrate corporate systems.

Eftsure has a joint business relationship with PwC Australia through the professional services firm’s Align program. "We look at technology from upcoming companies and introduce them to our larger clients," PwC partner Ross Thorpe said. "Eftsure is solving a big problem for a number of our clients. Using crowd-sourcing as part of the solution is a great idea."

Author: Supratim Adhikari, Technology Editor at The Australian

First published in The Australian on 11th February 2020