Phishing Scam Catches a Shark

Phishing Scam Catches a Shark

Fraud is a real problem for all organizations, especially those with manual-based Accounts Payable (“AP”) processes. Business email compromise (“BEC”), a type of wire fraud, is on the rise worldwide and, according to an FBI report released last fall, has resulted in $26 billion in losses since July 2016. Common types of BEC attacks include phony invoices and spear phishing, which is the sending of fraudulent emails, seemingly from a known or trusted sender, to a targeted individual in order to obtain private or confidential information, which is then used to deceive someone that they are legitimate when in fact they are a fraudster.

This type of fraud recently snared in its sordid net the business dealings of well-known TV Shark, Barbara Corcoran. Scammers sent an invoice for $388,700 that looked like it was sent by Corcoran’s assistant to her bookkeeper. The bookkeeper responded with a series of questions to the email/invoice sending cybercriminal who was able to provide credible answers to the questions asked and the amount due was later approved to be wired to the scammers bank account in China.

Fraudsters are good at what they do, and getting smarter all the time. Fraud is nothing new in AP. It is a costly problem AP and finance professionals have been dealing with since the beginning of time. So, what’s to be done? Organizations must routinely ask themselves if they have the controls in place to help minimize and prevent fraud from occurring. In Ardent Partners’ AP Metrics that Matter in 2020 eBook (available for download by clicking here), we found that when AP leaders were asked what critical capabilities their organizations will need to develop or possess in order to improve performance, only 58% of AP leaders agreed that managing fraud and compliance is a critical capability that their organization needs to develop or possess. It is alarming that the number of AP leaders who view managing fraud and compliance as a critical capability is so moderate, and definitely has to embolden cyber criminals to keep at it.

On a more positive note, in the same Ardent Partners’ AP Metrics that Matter in 2020 eBook, greater than three quarters (77%) of AP leaders reported that fraud prevention and compliance skills can be effective in training an AP staff to notice instances that need to be remedied. Additionally, analytical prowess (65%) is also viewed as critical in transforming AP into a hub of insights (and delivering those insights to the stakeholders who need them) and intelligence that can go a long way to helping deter and prevent fraud.

Accounts Payable sits in an ideal position to identify and manage invoice and/or payment fraud and can be a perfect ally for compliance teams in both identifying potential areas of concern and escalating issues internally. Utilizing data and intelligence to know and understand different transaction patterns can be a source of value for AP. Accounts Payable leaders need to start thinking about intelligence in the context of their organization’s current state of maturity and work to identify the areas that can be most leveraged.

The good news is that today’s ePayables solutions (Esker, Tradeshift, Corcentric, Transcepta, MetaFile, MineralTree, Tipalti, Yooz, Inspyrus, SAP Ariba, Bottomline Technologies) have extensive fraud control functionality and reporting analytics that can be leveraged to deter, detect, and prevent fraud. Another key element in fraud prevention needs to occur during the supplier activation process. Performing even basic tasks such as seeing if a new supplier has a website, uses a commercial address rather than a residential one, or has a main business phone number, can go a long way to detecting and preventing potential fraud. The solution providers mentioned above also offer excellent supplier onboarding controls that can provide much more extensive control to help to mitigate supplier risks as well.

***** Shark Phishing Scam Update *****

As luck would have it, the German bank used by the ‘Shark’, to wire the money actually froze the transfer before it was deposited into the fraudsters’ Chinese bank account. The ‘Shark’s team was able to prove it was fraud and their money was returned. Hopefully, the wide publicity this story received will raise recognition of how common phishing fraud actually is, prompt organizations to review their fraud detection and prevention procedures, and take steps to tighten and improve controls.

Download the Metrics that Matter in 2020 eBook to learn more:

APMTM20-SPONSOR

RELATED TOPICS