See if your information has been exposed in a data breach with our latest free tool Check Now
Industry news

Accounts Payable Security Report: March 2022

Niek Dekker
4 Min

Each month, the team at eftsure monitors the headlines for the latest Accounts Payable security news. We bring you all the essential learnings, so your Accounts Payable team can stay secure.

Top Life Saver Jailed for 3 Years

Read More

Insider fraud can manifest in many different ways.

Sometimes, those who demonstrate strong loyalty and commitment to their employer simply can’t resist the temptation of personal enrichment when, due to lax accounting controls, the opportunity arises.

That was the view expressed by Justice John Pickering upon sentencing Matthew Hanks, the former General Manager of Surf Life Saving NSW (SLS NSW), to over three years jail for defrauding the leading volunteer organisation.

“He did actually care for the organisation, he did actually have some good friends there, he did actually work very hard there, and life isn’t always as simple as black and white. Humans are complex,” said Justice Pickering.

Hanks, a 52-year old father of three, had carried out a number of frauds against his employer, including selling himself used SLS NSW vehicles at wholesale prices, which he then on-sold at retail prices, and contracting out printing work to an undisclosed company he owned, before sub-contracting out the work to cheaper printers and pocketing the difference.

However, most grievous was his manipulation of cheque details which allowed him to deposit a $121,000 government grant for a new SLS club house in Port Macquarie into his personal bank account.

Justice Pickering described as “extraordinary” the fact that the organisation’s accounting controls were so lax that they allowed Hanks to steal the government grant funds, and the fraud was not uncovered for so long.

Since being caught, Hanks has endeavoured to repay a significant amount of the defrauded funds back to SLS NSW.

The important lesson in this case is that anyone can be tempted to carry out fraud, even those with no criminal history and who are genuinely committed to their employer. No organisation should operate on trust alone. Having robust internal accounting controls in place is critical for all organisations to ensure no opportunity exists for any insider to engage in fraud or theft.

Be Aware of the Latest Threat: Business Video Compromise

Read More

We are all aware of the risks of Business Email Compromise (BEC). Scammers gain unauthorised access to email accounts in order to redirect payments into bank accounts they control.

Now, there is a new threat emerging that exploits video conferencing technologies.

We call it: Business Video Compromise, or BVC.

According to the FBI, scammers are increasingly turning to video conferencing tools to trick unsuspecting victims into handing over money.  Whether it’s Zoom, MS Teams or any other video conferencing technology, the volume of these types of scams has escalated significantly during the pandemic as a result of the shift to remote working.

According to the FBI, scammers have been using email to invite employees to participate in video conference meetings. The scammer seeks to impersonate an executive of the target organisation, such as the CEO or CFO, by inserting a still picture of the executive with no audio, or they use “deep fake” audio, and claim their video/audio is not properly working.

Once employees are in the virtual meeting, the scammers proceed to instruct them to initiate funds transfers.

The FBI makes several recommendations to protect your organisation from these types of scams:

  • Confirm the use of outside virtual meeting platforms not normally utilised in your internal office setting.
  • Use secondary channels or two-factor authentication to verify requests for changes in account information.
  • Ensure the URL in emails is associated with the business/individual it claims to be from.
  • Be alert to hyperlinks that might contain misspellings of the actual domain name.
  • Refrain from supplying login credentials or personal information of any sort via email.
  • Verify the email address used to send emails, especially when using a mobile or handheld device, by ensuring the sender’s address appears to match who it is coming from.
  • Ensure the settings in employees’ computers are enabled to allow full email extensions to be viewed.
  • Monitor your personal financial accounts on a regular basis for irregularities, such as missing deposits.

Scam Reports Increase by 45%

Read More

January 2022 saw 21,110 scams reported to Scamwatch, an initiative of the Australian Competition and Consumer Commission (ACCC). That figure represents a massive 45% increase on the previous month.

Of particular concern is the spike in false billing scams being reported.

False billing scams request you or your business to pay fake invoices for supplies that you did not order. It could also be a scammer impersonating one of your suppliers, who tells you that their bank details have changed, and a payment ends up being sent to a bank account controlled by the scammer.

Whilst December 2021 saw 968 false billing reports, that figure increased to 1,251 in January 2022.

The overwhelming majority of the $2,020,876 lost through false billing scams in January occurred due to manipulated emails.


Despite this, most attempted false billing scams occurred due to fake phone calls.

This is an important reminder for all Accounts Payable teams that phone scams can be just as big a threat as email-based scams.

Read our tips on how your AP team can avoid falling victim to phone scams.

Essential Procure-to-Pay Checklist for AP Teams
Secure your Accounts Payable process with our 8-step Checklist. Following these 8 steps throughout the Procure-to-Pay lifecycle will help protect your organisation from falling victim to invoice fraud, as well as erroneous payments.

Related articles

The new security standard for business payments

Eftsure provides continuous control monitoring to protect your eft payments. Our multi-factor verification approach protects your organisation from financial loss due to cybercrime, fraud and error.