The B2B Payments Fraud Threat Of Internal Employees
January 17, 2020
Ten percent of business email domains are protected from spoofing, according to recent Security Boulevard reports. That means the vast majority of businesses are at risk for an array of cybersecurity incidents, including Business Email Compromise (BEC), in which fraudsters often spoof legitimate vendor email addresses and send seemingly real requests for payment. Fraudsters can also spoof the email addresses of C-suite executives to initiate payments to a fraudster’s account.
Approximately $185,000 worth of payroll fraud hit a Minnesota company, with local reports noting that a bookkeeper allegedly manipulated payroll data to overpay her salary. The scam reportedly lasted about five years, and the former bookkeeper has now been charged with felony theft.
About $1 million was swindled from the Colorado town of Erie, with the FBI now investigating the matter. Gov Info Security said a reported cybersecurity incident involved a scammer using the town’s website to request changes to bank account information for a local construction supplier, with directions to receive payment via wire transfer instead of check. That requested change was not entirely verified by town personnel, reports said, and the wire transfer information was later confirmed not to be related to the real supplier. The case coincided with another cybersecurity incident at a Colorado water supplier, in which fraudsters infiltrated the utility platform of Aurora Water to steal customer information.
According to local Kentucky Today reports, $1.5 million was embezzled from a Kentucky school district, with reports pointing to a former finance director, now the subject of an FBI probe. Reports said the former finance director has allegedly stolen $1.5 million since at least 2011 by generating fake invoices from legitimate vendors and using company checks that were reportedly doctored to be deposited into her personal account. According to the publication, the school district’s annual audit failed to identify the scheme because only a portion of all transactions is reviewed.