BEC Fraudsters Eye HR Departments As Prey      

App-loopholes-could-be-fraud-targets

Fraudsters are always evolving and now are training BEC scams to focus on HR and finance departments.  Separately ACH debit and ACH credit fraud are both on the rise, according to a recent study.

It’s no secret that fraud is evolving as the bad guys and bad girls look to stay one step ahead of the ones wearing the white hats, warding off fraudulent transactions with the aid of prudence and good technology.

Thus, business email compromise fraud (BEC) is evolving too.  As reported in darkreading.com, the gangs using BEC – new gangs and seasoned gangs – have recently been targeting human resource and finance professionals to grab direct deposit payroll information to siphon off funds.  Vade Secure has noted that such activities now include initial approaches to HR executives, where the goal is to get them to redirect funds to the fraudsters’ own accounts.

The BEC attempts are also relatively cheap campaigns to wage on firms.  Said Adrien Gendre, chief solution architect for Vade Secure, on the site: the email scams “are not isolated, that’s for sure.”

The HR/finance professional focus seeks to get credentials from a high-ranking employee in a targeted firm and leverages that employee’s legitimate email account to send emails to the finance professionals to get the funds transferred.

 ACH in the Crosshairs, Too

Separately, even a range of transaction types are increasingly in the fraudsters’ crosshairs.

The Association for Financial Professionals (AFP) found that although automated clearing house transactions are generally regarded by CFO.com to be relatively “safer” than other types of transactions — say, paper checks — fraud involving ACH is on the rise.

The latest data from the AFP finds that last year as many as 33 percent of organizations were subject to ACH debit fraud.  In addition, said the findings, 20 percent of firms were subject to ACH credit fraud — and these were the only types of fraud (as measured by payment methodology) that saw boosts.

“This new development indicates that fraudsters are now trying to use ACH transactions as vehicles for their scams as they move away from checks and wires,” said the association, which also noted that the processes leading up to the payment itself represent the points where the fraudsters ply their trade.  That comes, for example, as fraudsters gain access to a firm’s internal operations and use the ACH methods for account takeovers. Indeed, BEC was the way the criminals gained access to many of their victims — as many as 33 percent of them, which is up from the 12 percent seen in 2017.

As CFO.com noted from the findings, 76 percent of the respondents have tried to bring stronger internal control procedures on board to combat these BEC attempts.

In terms of individual company news, coinweek.com reported fraud at internet auction site Sixbid.com earlier this month; according to several auction houses, bidders received fake invoices sent by email that sought to get unwitting customers to send payment.

And in one example of using technology to combat fraud, Small Business Trends reports that AppZen has debuted a product geared toward helping smaller businesses detect invoice fraud “in real time.” The offering, known as AppZen Invoices and Contracts Software, uses AI to spot differences between the amounts being requested through invoices and the amounts agreed to in contracts — and it also helps spot duplicative invoices.  The company has estimated that it can help smaller firms avoid losing as much as five percent of annual top lines to fraud, where the annual median loss last year tallied about $164,000.