The truth is, all businesses are at risk of being scammed at some point, and just one incident can cost a company millions of Rand. Ryan Mer, CEO, eftsure Africa, a Know Your Payee™ (KYP) platform provider, says that fraudsters are constantly finding new ways to exploit vulnerabilities and attack corporate payment systems and it’s critical that we all work together and share information to remain one step ahead of scammers.
Accounts payable fraud is one of the most damaging and is common in companies large and small, targeting the department responsible for paying suppliers and other vendors. A report from JP Morgan found that 81% (source) of organisations were hit with payment fraud in 2019, and only a relatively small portion of losses are recovered because the scam worked so well.
Here are some of the top scams to look out for:
Internal fraud
More often than not many companies realise fraud is perpetrated from within. According to the Global Economic Crime and Fraud Survey, 41% of economic crimes in South Africa are committed by employees, compared to only 36% by external fraudsters and 21% a collusion between the two.
“Employees have access to internal systems and knowledge of internal processes, and so they know where any vulnerabilities lie in your organisation’s internal controls,” explains Mer.
Some ways they can scam your organisation include:
- Changing the banking details of suppliers, rerouting funds to their own account or an accomplice’s account. This happens especially with ad hoc suppliers.
- Adding fictitious suppliers or employees onto the payroll or colluding with suppliers to issue fake invoices.
- Submitting illegitimate reimbursements for expenses.
- Issuing fake refund payments to customers.
Social engineering
Social engineering is the attempt to convince a person to perform an action or divulge information against his or her own interests and forms the basis of many scams. “It is a tool used to manipulate targets by relying on human impulses of being helpful, avoid conflict and problem-solve quickly,” reveals Mer. “By deceiving an employee into revealing confidential information, the way is paved for scammers to initiate fraud against your organisation.”
In an example scenario, a scammer could contact your accounts payable team and pretend to be a supplier trying to update their banking details on your system. The next time you pay the supplier, the funds are sent to a bank account controlled by the scammer.
Business email compromise (BEC)
These scams are on the increase due to the ease of attack combined with the problem of staff being unable to tell the difference between real and fake emails. The FBI’s Internet Crime Complaint Centre says losses from BEC scams topped $12billion globally in 2018, with 97% of losses attributed to ‘false billing’ scams. One form of BEC is supplier email compromise, which involves fraudsters first infiltrating the email systems of the target companies’ suppliers and then using that access to imitate the supplier company and send the target company fraudulent emails.
Impersonations
Mer says that advances in artificial intelligence are making it easier for fraudsters to use impersonation to their advantage. One of the ways they do this is by creating realistic audio and video impersonations. They feed an audio or video sample of your organisation’s CEO or CFO into a software programme and create a fake recording of that person giving payment instructions to accounts payable staff. This message is then sent to unsuspecting staff, who make the payment, unaware that the message is fake.
Social media also plays a role here, particularly LinkedIn, which fraudsters use to create fake profiles and impersonate legitimate businesspeople.
