Beware of tech support: Remote access scams up 52% in Q1 2024

According to the most recent figures from the ACCC, remote access scam losses saw a staggering 52% increase in the first quarter of 2024 compared to the previous quarter. The average cost of remote access scams also increased this quarter by 57% to $17,943.

As fraudsters deploy increasingly sophisticated social engineering tactics, AP teams need bulletproof payment verification processes to safeguard against significant financial losses.

What is a remote access scam?

Remote access scams are a type of cybercrime that occurs when a fraudster gains control of a victim’s computer or device by tricking them into allowing remote access, enabling the fraudster to steal money from the victim.

These fraudsters use scare tactics to manipulate victims into compromising their devices and accounts. Common techniques include:

• Convincing emails that look similar to a legitimate tech support email, a form of business email compromise (BEC)
• Cold calls impersonating tech support from well-known companies like Microsoft, claiming to be fixing an account / device issue
• Web-based pop-up ads stating there’s a problem that needs to be fixed by calling a particular “helpline”

Once deceived, the victim is instructed to download remote desktop software, such as TeamViewer or LogMeIn, enabling the fraudster complete access to their device.

With full control, the fraudster can run programs that appear harmful to the victim’s device but are innocuous. Playing into this fear, they now have a few options to steal from the victim:

• Offer to “fix” the non-existent issues by charging fees
• Install malware to steal personal / financial data
• Directly access bank accounts and make fraudulent transactions

Spot the signs to stop fraudsters in their tracks

Remote access scammers use a specific approach. To avoid falling victim to remote access scams, AP teams need to know exactly what to look for:

• Receiving unexpected phone calls about an issue with your account, phone, or computer
• Being instructed to download software or an app during the call
• Being asked to access your online bank account under the guise of resolving an account issue
• Being asked to read out your banking password / a one-time password (OTP), enabling the caller to access your bank account

Failing to verify: Know the risks

Remote access scammers are adopting more realistic techniques. They sound professional and even use the same software as the actual tech support teams they’re duping. Relying on human judgment to keep these scams at bay is no longer enough on its own. Your AP team needs solid verification processes and controls to effectively prevent scams.

Without effective protection mechanisms in place, your business is left open to several risks:

Financial fraud and theft

AP teams must follow a strict process for verifying a supplier’s identity and banking details or risk sending payments to fraudsters impersonating legitimate businesses. Failure to implement or follow these processes can result in funds being stolen outright or requiring a costly and time-consuming recovery. Take, for instance, the finance worker who was fooled by a deepfake video call scam to the tune of $39m.

Unauthorized access to accounts

Once a fraudster successfully impersonates a legitimate supplier, they can easily access internal payment systems and financial accounts, enabling further theft and misuse.

Money laundering risks

If suppliers aren’t scrutinised sufficiently, your businesses could unwittingly facilitate money laundering activities if payments are sent to shell companies or illicit fronts without oversight.

Reputational damage

Misdirected payments resulting from a lack of adequate due diligence cause severe reputational damage. Defrauded companies end up as headlines at a cost. Their credibility takes a hit among shareholders and customers, who quickly lose trust.

Regulatory penalties

Many industries have know-your-customer (KYC) and anti-money laundering requirements that mandate supplier due diligence. Companies that lack sufficient verification processes and controls expose themselves to potential fines and penalties on top of the financial loss caused by a scam.

Disrupted operations

Fraudulent payments, especially recurring ones, lead to cash flow issues and delayed payments to real suppliers, ultimately disrupting business operations.

Top tips to safeguard your business

The only way AP teams can ensure maximum protection against payment scams is to check payment details every time they pay suppliers. You need rigorous verification processes and controls to prevent fraudsters from infiltrating payment systems.

• Verify supplier payment details against trusted, independent sources
• Cross-check supplier details against authoritative databases, both at onboarding and when detail changes are requested
• Adopt screening capabilities to detect high-risk payment instructions or unwarranted requests for sensitive information
• Standardise supplier verification processes across all suppliers throughout the payment lifecycle
• Implement best practices for supplier verification phone calls, e.g., don’t ask leading questions, don’t accept incoming calls