Organizations’ Fraud Threats Rise This Holiday Season

The holidays aren’t always so cheery as the risk of fraud plagues consumers and retailers alike.

With the pandemic accelerating a surge in eCommerce volumes, online fraud threats are at their peak, and everything from chargeback fraud to online product scams are dampening the holiday spirit.

But online shoppers aren’t the only ones at risk. The threat of fraud permeates throughout the supply chain and, during the busy season, can be more widespread and difficult to detect than ever. That’s in part due to the fact that corporates are accelerating their move online, too, to mitigate pandemic-related disruption and meet their customers where they are.

As NETSCOUT Area Vice President of Engineering, Threat and Mitigation Products Hardik Modi told PYMNTS, cybersecurity is now top of mind for many of these firms.

“The ability to successfully deliver applications, services, data and content under adversarial internet conditions has rapidly become the single most mission-critical function for entire classes of organizations which have until recently viewed their online presences as being of merely secondary importance,” he said.

This security focus will be even more acute amid the holiday season. According to cybersecurity experts, email scams rise during the holidays, with business email compromise (BEC) an especially concerning scam. The FBI warned in an announcement this month that cybercriminals are “gearing up for a busy season” as the mix of rising holiday shopping volumes and COVID-19 concerns create a perfect storm of fraud risks.

Corporate-Facing Fraud

In addition to consumer-facing scams like fraudsters that use stolen credit cards to purchase items and then ship them to a reshipping location, or social media scams from fraudulent entities claiming to offer holiday promotions like free gift cards, there are several scams the FBI said that can impact businesses and their employees.

One of which takes advantage of the fact that more professionals than ever are working from home. According to the FBI, professionals must be “wary” of online job postings that cater to the remote worker, with many of these posts having fraudulent intentions.

For corporates themselves, the FBI warned that businesses, like consumers, can be targeted in gift card scams. Cyber attackers will take advantage of more business-buyers procuring gift cards as employee holiday gifts, posing as legitimate coworkers to request that an employee buy a gift card on behalf of the scammer. The FBI also noted that this scam can often be coupled with other types of fraud, sometimes coming in the form of BEC in which a scammer requests a wire transfer or other payment be made.

Further, at a time when charitable donations are on the rise, nonprofits and charities can be particularly prone to fraud risks. The FBI noted that criminals may establish false charities to solicit donations from unsuspecting givers, while charities themselves can be targeted by fraudsters at a time when donation volumes are high.

Last week, Info Security reported that Philadelphia’s largest food bank, Philabundance, lost nearly $1 million due to a BEC attack in which a scammer sent a seemingly legitimate invoice from one of the food bank’s construction vendors.

According to a Charity Today report, one-third of U.K. charities say they have been the victim of a cyberattack during the pandemic, a survey from Ecclesiastical Insurance found, with phishing attacks the most common scam seen. In a new warning issued by the Charity Commission, Action Fraud and the Fundraising Regulator, the entities found that U.K. charities lost out on more than $460,000 as donations poured in for illegitimate charities set up by fraudsters during last year’s holiday season.

“Unfortunately, criminals will try to abuse the generosity and goodwill of others and this can have a huge financial impact on charities and the good causes they support,” said Action Fraud head Pauline Smith in a statement.

Finding The Culprit

Unfortunately, research reveals that corporates’ own employees and business partners can often be at the heart of supply chain fraud and other scams. Recent Deloitte Financial Advisory Services research found that nearly 29 percent of professionals in a survey said their firms had experienced supply chain waste or abuse in the last year. Of them, nearly 23 percent said the firm’s own employees were to blame, while 17.4 percent placed the blame with vendors.

According to analysts, pinpointing the cause of fraud in the supply chain is only part of the battle. Understanding how to reinforce an organization’s internal operations, as well as its external supply chain, is critical to combat the risk of supply chain fraud. Even so, researchers found more than one-quarter of survey respondents do not have a program in place to detect or mitigate fraud risks.

“Since every supply chain’s unique risk profile stems from a mix of cultures, geographies, industries and subcontractors, developing an effective supply chain forensics program is often more art than science,” Deloitte Financial Advisory Services Principal Mark Pearson said in a statement. “But, if you know where to look, red flags and other faint signals can help you focus limited resources to drive supply chain transparency and efficiency while reducing fraud, waste and abuse risks.”

According to NETSCOUT’s Modi, the cyber threat continues to grow, but there is technology available to help reinforce organizations’ safeguards.

“The good news is that in lockstep with this profound broadening and deepening of the importance of the online economy, internet-scale defenses are both widely available and within the reach of organizations of every size, locale and category,” he said.