Hackers have been in the news nonstop through COVID. This trend was already on the rise, but it dramatically accelerated as a result of economic and business disruption.
Most of the C-Suite is concerned with the overall cybersecurity detection and response capacity for the organisation — that is the bright, shiny tech that scans emails for suspicious links, spins up firewalls and blocks employee access to bad sites.
But supplier network risk is often overlooked, and it turns out that a relatively low-tech part of any business may in fact be the frontline against some of the most destructive hacks around: business email fraud.
A business receives an invoice, it seems reasonable, it’s expected, they pay it. Except the account number has been changed and the money that you thought was going to a legitimate payee has ended up somewhere else instead. You’ve probably heard of this already — after all, it’s one of the most common attacks — and it may have even happened to you personally. If you’ve had personal or professional experience with this one, you’re probably forever changed. Scrutiny goes up so this will never happen again. Some businesses have been devastated by these hacks; some have even closed their doors.
The Australian government has an excellent primer on these and similar hacks. It’s worth sharing a portion of their points:
Criminals can impersonate business representatives using similar names, domains and/or fraudulent logos as a legitimate organisation or by using compromised email accounts and pretending to be a trusted co-worker.
Common scams associated with business email compromise include:
Invoice fraud: Criminals compromise a vendor’s email account and through it have access to legitimate invoices. The criminals then edit contact and bank details on those invoices and send them to customers with the compromised email account. The customer pays the invoice, thinking they are paying the vendor, but instead sends that money to criminals’ bank accounts.
Employee impersonation: Criminals compromise a work email account and impersonate a co-worker via email. Criminals can use this identity to commit fraud in a number of ways. One common method is to impersonate a person in power (such as a Chief Executive Officer or Chief Financial Officer) and have a false invoice raised. Another method is to request a change to a worker's banking details. The funds from the false invoice or the worker's salary are then sent to criminals’ bank accounts.
Company impersonation: Criminals register a domain with a name very similar to a large, known and trusted organisation. Criminals then impersonate the organisation in an email to a vendor and request a quote for a quantity of expensive goods, like laptops. Criminals negotiate for the goods to be delivered to them prior to payment. The goods are delivered to a specified location, however, the invoice is sent to the legitimate organisation, who never ordered or received the goods.
From the above, you can really see how tricky this kind of hacking is to fight. That’s where accounts receivable comes in. Technology has created the cyber problem, but it also offers the solution. One of the key benefits of powerful and dynamic accounts receivable technology platforms is that they allow the automation of standard functions like paying. So, for example, with an auto pay feature in place, a business hack that relies on changing bank details is short-circuited.
But more than this, the best accounts receivable solutions enable AR professionals to focus on high-value work and avoid the overwhelm that comes from an endless regime of emails and phone calls. Presence of mind, and the space to appropriately weigh up potential incoming threats on a common-sense level, is probably one of the best defences against a business email fraud hack working.
It’s likely that in the months ahead, we will see an increasing emphasis on accounts receivable as a critical link in a whole-of-organisation strategy guarding against cyber threats.