How to Prevent Cybercrime
Cybercrime is an ever-evolving threat that affects individuals, businesses, and governments worldwide. As cyber crime continues to escalate and evolve due to …
Online fraud continues to increase in both scope and sophistication and, as a result, remains a persistent threat to businesses worldwide.
Finance and accounts payable (AP) teams, who handle sensitive data and large sums of money, are frequently in the crosshairs. At eftsure, we’ve witnessed how one moment of inattention can lead to severe financial and reputational losses.
To help you stay one step ahead of cybercriminals, here are seven tips that will help reduce your organisation’s exposure to online scams.
Criminals are agile, creative and quickly pivot to new tactics whenever older methods become widely recognised.
Phishing remains a staple, but it has evolved from sloppy, typo-filled emails to carefully crafted messages that appear to come from government departments or trusted financial institutions.
According to the FBI’s 2023 IC3 report, business email compromise (BEC) scams led to over $2.9 billion in adjusted losses, making them one of the costliest types of fraud affecting US businesses. These are highly targeted phishing attacks where fraudsters impersonate a company executive, vendor or employee to trick someone into transferring money or sensitive data.
Scammers bank on two things: urgency and trust. They commonly pressure employees into quick action or exploit recognisable names and logos to convince them to comply.
Some impersonate vendors that request “new” bank account details, while others pose as internal executives or superiors who stress the critical importance of a last-minute payment.
More recently, AI has increased the complexity of scams and the speed with which they can be deployed. It is now being used to generate realistic emails, create convincing deepfake impersonations, replicate writing styles and build fake login pages that mimic company platforms.
A robust internal framework is the first line of defence against cyber-attacks. When you establish clear checks and balances, you create friction that scammers find difficult to overcome.
Even common-sense measures such as verifying large payments with two different individuals can thwart many attacks.
Building out these controls often involves:
These measures may feel like a waste of time at first, but they can be the difference between catching a fraudulent invoice early and discovering it only after the money has disappeared into untraceable accounts.
Relying on passwords alone is becoming increasingly risky, especially in finance and AP contexts.
Online data breaches often lead to stolen credentials ending up for sale on the dark web. Criminals then test these credentials on popular financial platforms, hoping for a match.
Multi-factor authentication (MFA) introduces a vital extra layer by requiring a secondary factor, like a time-based code from an authenticator app or a mobile phone prompt, to access critical systems.
Even if a malicious actor somehow acquires someone’s password, they typically won’t have the second factor. This simple step prevents unauthorised access and drastically reduces the risk of compromised accounts.
Note that some forms of MFA are more effective than others. Passwordless authentication (such as methods that use biometric verification) offers more security than traditional one-time passwords (OTPs).
The four different types of MFA (Source: NordPass)
Criminals capitalise on vulnerabilities in outdated software, operating systems and plugins, and just one unpatched workstation can open the door for malware to penetrate an entire network. According to some experts, unpatched vulnerabilities account for 60% of all compromised systems.
Keeping your technology environment current requires more than just automatic updates. Educate staff on the importance of installing patches promptly—both on company equipment and their own devices if they access company emails or applications.
A well-maintained, consistently patched system closes off the easy entry points cybercriminals rely on. It also reduces the chance of falling victim to ransomware, which can lock up sensitive data until a hefty fee is paid.
Attacks on AP departments often rely on the fraudster’s ability to successfully impersonate established suppliers.
Invoices and emails may look authentic, but the sender is actually a criminal whose sole intention is to reroute future payments. Later, a well-meaning employee who is motivated to clear a backlog could unknowingly transfer funds to a fraudulent account.
Rather than assume the request is authentic, add these verification steps:
This extra scrutiny will feel inconvenient, but a quick phone call or verification email is a small price to pay compared to the discovery that someone has wired funds to fraudsters.
Fraud prevention isn’t just about technology or strict adherence to processes. It also depends on nurturing the appropriate mindset across the organisation.
One survey of over 150 cybersecurity professionals found that 50% were too afraid to report incidents for fear of repercussions. Create an atmosphere where employees feel comfortable reporting anything unusual, even if it turns out to be a false alarm.
A lack of awareness around the importance of cybersecurity exacerbates the problem.
Encourage teams to slow down when something looks off. Celebrate employees who spot suspicious invoices or odd communications. Point out near-misses in meetings so everyone benefits from shared lessons.
When teams champion caution as a fundamental value, they deter the criminals who rely on complacency to succeed.
In many attacks, employees recall that something was amiss but that they proceeded anyway due to time pressure or fear of appearing overly cautious. Empowering staff to follow their instincts is often the best defence you can implement.
Promoting a culture of openness is just one part of an effective cybersecurity culture (Source: NordLayer)
If you do suspect an active scam, time is of the essence. Quick reporting often determines whether funds can be frozen or recovered before scammers vanish with the money.
These steps can make a noticeable difference:
Swift and decisive action can transform a potential catastrophe into a minor scare. If a phishing email does breach your system, early detection also prevents it from infiltrating other systems.
Avoiding online fraud is an ongoing process rather than a one-and-done task. Criminals continually refine their methods and take advantage of the fact that technology, business processes and human nature are in constant flux.
However, by combining robust internal controls, multi-factor authentication, updated software, vendor verification, a supportive culture and prompt action, the odds of becoming the next victim drop substantially.
Fraudsters rely on human error, lax controls and outdated systems. When each of these potential weaknesses is addressed methodically, you’ll protect not only your organisation’s balance sheet but also the trust earned from clients, partners and fellow employees.