Fraudsters have discovered yet another way to infiltrate the Paycheck Protection Program (PPP), and the business email compromise (BEC) continues to reign as the biggest payments fraud threat to businesses. But this week’s B2B Data Digest includes some good news, too: Corporate card fraud is actually on the decline, while there is also evidence that corporate payment fraud attacks are actually down.
68 percent of professionals surveyed by FICO say that preventing fraud within their organizations is more difficult in a work-from-home environment. Also hampering anti-fraud efforts are a lack of skilled staff, insufficient resources and the impact of anti-fraud efforts on customer experience, as well as the challenge of using multiple systems to access data. Researchers did note, however, that there is evidence that work-from-home professionals are adapting quickly to overcome these barriers.
74 percent of businesses surveyed by the Association for Financial Professionals were targets of payments fraud. The 2020 statistic represents a significant decrease from 2019 and 2018 levels, in which 81 percent and 82 percent of firms, respectively, were targeted in a payment fraud scheme. According to the AFP, organizations’ shift away from paper checks and wire, and toward ACH, led to a slight uptick in ACH debit fraud last year. Further, in more good news, researchers found that corporate credit card fraud decreased significantly last year: 24 percent of survey respondents reported this fraud last year, compared to 34 percent in 2019. The AFP found that the BEC scam remains the most common type of enterprise payments fraud attack, and that the accounts payable department remains the area most susceptible to BEC attacks.
98 percent of businesses surveyed by Proofpoint received a cyber threat from a supplier domain, meaning a business was exposed via the supply chain. Researchers examined 3,000 companies across the United States, United Kingdom and Australia over a week in February. According to reports, nearly 75 percent of these cyberattacks involved phishing or imposter threats, in which a cyberattacker impersonated a legitimate supplier. “The research shows that threats from impersonated and compromised suppliers are more likely to lean on social engineering to prey on human nature,” the Proofpoint report said.
$348,000 was nearly stolen by a Colorado city targeted in a BEC attack. According to local reports, a seemingly legitimate city supplier had requested the payment for a December 2020 water project. However, the actual vendor said it never made that request. While the city had initially approved the payment, the bank identified suspicious activity and was able to recover the money. The case is now under investigation by local police as well as the FBI.
$10.68 million was stolen from Australian businesses last year in payment redirect fraud, the Australian Competition and Consumer Commission (ACCC) revealed recently. The scam involves cyberattackers posing as legitimate vendors or employees to request payment into a fraudulent account. The ACCC is warning that so far, payment redirect fraud losses in 2021 are already 500 percent higher than they were during the same period in 2020. “Scammers tend to target new or junior employees, or even volunteers, as they are less likely to be familiar with their employer’s finance processes or the types of requests to expect from their supervisors,” noted ACCC Deputy Chair Delia Rickard.
$100 million worth of PPP funds has been obtained fraudulently and laundered via online investment platforms, according to U.S. law enforcement officials. Reports in CNBC said fraudsters are stealing business owner identities to apply for PPP funding. Because opening an account with an online investment platform is typically easier than opening a bank account, fraudsters will then use that stolen identity to deposit funds in that investment platform. Law enforcement officials have said that investment platforms like Robinhood, E-TRADE and TD Ameritrade have all been used in the scam.