PYMNTS-MonitorEdge-May-2024

Easy Pickings For BEC Criminals?

The age of business email compromise (BEC) is upon us. And for the scammers, it’s not all that hard to do the scamming.

The methods have been discussed in coverage by PYMNTS before, and in recent data from Digital Shadows, a digital risk management firm, the methods have indeed been diverse. We’ve seen fake invoices and emails, and, as per the FBI, the cost has been $12 billion over the last half decade.

Companies are leaving themselves a bit wide open, it seems. Digital Shadows has found that entire email inboxes of companies are exposed, with 12 million email archive files available to the bad guys and where more than 33,000 finance department email addresses have been exposed in data breaches. Those email inboxes also have associated passwords ripe for the plucking. The criminals can get thousands of dollars for email addresses paired with passwords.

Digital Shadows, according to reports, found that 27,000 invoices, 7,000 purchase orders and about 21,000 payment records were accessible.

The company recommended that even though the risk of such compromises can never be totally eliminated, some steps can be taken to significantly mitigate risk. That includes making sure that BEC is part of incident response and business continuity planning. Firms should also monitor whether credentials are exposed and should also work with wire transfer application vendors, allowing for multiple parties to be authorized — and required — to approve wire transfers.

Tax Fraud Down Under

In Australia, reports came this week that a former senior member of a company tied to a massive tax fraud — that would be Plutus Payroll — will plead guilty in the case. That former executive, Joshua Meredith Kitson, who served as former general manager of Plutus, was slated to plead guilty to a charge of conspiring to cause loss. The scam is one where the company allegedly underpaid payroll taxes by more than $100 million — though estimates range to as high as $165 million.

Checking in on Check Fraud

Lest you think that high tech means are the only methods of fraud by which criminals ply their trades, consider the fact that businesses are putting themselves at risk amid a lack of both internal and external controls. A recent survey by TROY Group found that 95 percent of business leaders have said checks are still the preferred method by which payments are made. Another sobering stat is that 74 percent of firms have been victimized by check fraud. And, in tandem with those numbers, check fraud has hit these firms hard, costing as much as an equivalent of 0.5 percent to 1.5 percent of the top line. But amid that backdrop, in the firm’s whitepaper titled, “Your Business Is at Risk for Check Fraud,” 70 percent of companies surveyed cite cybersecurity risks as a concern, yet only 10 percent state they are concerned with check fraud risk.

Small businesses (SMBs) are at relatively greater risk, at 22 percent compared to 8 percent of firms with an employee base over a headcount of 100.

“In 32 percent of cases, lack of internal controls made it easy for check and payments fraud to be committed. The ability to override set protocols was to blame 18 percent of the time,” stated the report.

In the meantime, 77 percent of millennial decision makers say printed checks will still be important in the year 2025.

Technology is no salve. As the report noted: “But, we’re already seeing double-dipping on mobile check deposits as users are depositing the check electronically and taking it to the bank to deposit in person. And, if they alter a check then deposit it via mobile, it may be more difficult to detect any alterations to that document.”

PYMNTS-MonitorEdge-May-2024