Readers who have been following various payments trends since COVID arrived and WFM policies took effect will likely know that fraudsters have been having somewhat of a ‘field day’ when it comes to illegally extracting money from companies in this environment.
This brief piece in Finextra is a reminder for companies to go back over (or maybe for the first time) some of the protective measures to combat phishing, smishing, etc; basically business e-mail compromise scenarios, or social engineering based on learned internal data.
‘A BEC attack, also known as man-in-the-email, involves cyber criminals masquerading as, or directly compromising a business email account in order to extort trusting individuals into taking a certain action. In the case of invoice and payment fraud, the BEC attack will usually target a business’s finance department and pose as a vendor or senior management and will ask for a payment to be made to a fraudulent bank account…. In the first half of 2020 we saw a spike in COVID-19 related BEC attacks, however, according to Abnormal Security, invoice and payment-based BEC fraud rose by 81% between Q2 and Q3. The exponential increase in invoice and payment fraud is only projected to continue in Q4 and into early 2021.’
We have covered the payments fraud issue regularly, most recently in member reports earlier this year on the e-commerce space. The most basic protective measure to combat these social engineering scams is to hold employee training sessions and remind them to be on the lookout for unusual requests from colleagues, seniors and supposed clients. It would be likely an exception these days for any reader to have NOT received one of these mails during the past couple of years, and even more so in this strange year.
‘In 2019, surveys by UK Finance revealed that invoice and payment fraud costs organisations £92.7 million each year and that 43% of businesses are not aware of the dangers of invoice fraud. The cost of invoice and payment fraud is only going to increase as we move into 2021 and with the lack of awareness in the general business population, invoice and payment fraud will likely remain highly successful.’
Overview by Steve Murphy, Director, Commercial and Enterprise Payments Advisory Service at Mercator Advisory Group