New fraud tactics continue to emerge, as described below, and our defense strategies might fail unless we stay informed about what can happen. To discern between fraudulent and legitimate business communications, some people rely on verifying an email address. That is, they hover over the sender name and look for anything slightly off that would indicate a fraudster. Others feel comfortable with a request if it comes via phone versus email. These actions are not enough. AP Now issued a warning today about how criminals have stepped up their efforts, but there are things your organization can do to prevent becoming a victim.
As shared by AP Now, cyber criminals have used artificial intelligence (AI) and voice technology to impersonate a UK business owner, resulting in the fraudulent transfer of almost a quarter of a million dollars. Would your organization fall for something like this?
As AP Now stresses, pick up the phone and verify the request using a phone number already on record. Alternatively, go to the organization’s website, get the main number and call. This should be done even if the caller ID associated with the transfer request seems to confirm the legitimacy of the call. Why? It is possible to spoof the number. While making a verification phone call is extra work, it could spare your organization a lot of pain.
Update your internal controls as necessary. Besides telling employees to make a phone call to verify a request, ensure the written procedures specify this protective action.
Anyone with the ability to spend or commit your organization’s money, such as accounts payable and cardholders, must stay educated about fraud tactics. Continuously share any examples you read about, discuss fraud within department meetings, and mandate annual training for employees.
The above is one of many issues that will be addressed during AP Now’s How to Recognize New Frauds during AP Fraud Prevention Week October 7–11, 2019. Visit AP Now to learn more.
In addition to what AP Now is doing, I will be delivering a virtual workshop on Purchasing Card audits, aimed at auditors, for The Institute of Internal Auditors/Public Sector™ Audit Center beginning October 16. For details, including registration, visit The IIA website.
Speaking of fraudulent communications, I could have easily become a victim last week. I received an email reply from a company that I was doing business with. The sender’s email address was a correct match and the email content included my past communications with this company. The only odd part was that the sender included a zip file attachment, asking me to open to view details about our upcoming meeting. This did not seem right to me, so I called the phone number I had for this company. The employee confirmed her email had been hacked. Opening the zip file would have unleashed trouble for my computer. Always independently verify anything that seems odd.
Available Products & Services from Recharged Education
Submit a contact form to request a quote for what your organization needs.
Subscribe to the Blog
Receive notice of new blog posts.
About the Author
Blog post author Lynn Larson, CPCP, is the founder of Recharged Education. With 20 years of Commercial Card experience, her mission is to make industry education readily accessible to all. Learn more…