Business email compromise (BEC) scams continue to ravage company coffers. Indeed, the last week has seen the emergence of even more examples coming to light. Just last week, IBM cybersecurity experts uncovered a widespread BEC attack targeting players in the coronavirus vaccine supply chain.
According to CNBC reports, the email phishing scheme involves attackers impersonating one business executive at a China-based business that offers temperature-controlled supply chain solutions. IBM researchers Claire Zaboeva and Melissa Frydrych said the aim of the attack “may have been to harvest credentials to gain future unauthorized access,” possibly with an intent to obtain information into vaccine distribution strategies.
As analysts raise the alarm about COVID-19-related BEC attacks, it’s likely that the vaccine supply chain will continue to be a target, potentially leading to organizations across that supply chain to lose out on money to fraudsters.
But the BEC scam is not the only kind of business payments fraud plaguing firms today. This week’s B2B Digest looks at how corporate finance scams come in all shapes and sizes, from employee expense fraud to invoice falsification. PYMNTS breaks down the numbers behind the latest cases below.
2.3 percent more financial crimes occur in cities where corporate accounting fraud has been reported, according to a new research report from Ohio State and Indiana University exploring the correlation between corporate fraud and local financially motivated crimes, reports in The Lantern said. Researchers discovered a “spillover effect,” in which reports of corporate fraud were linked to an increase in local theft and robbery reports. “It could really damage the economics of a city,” said co-author Eric Holzman, assistant professor of accounting at Ohio State. Analysis of 295 cases of accounting fraud between 1996 and 2013 was compared to property crime rates in the areas where corporate fraud occurred.
$12,600 was scammed from an Australian business via a fraudulent invoice, local reports said. The Perth-based business received a seemingly legitimate invoice from one of its partner veterinarians, but the business owner says that bank details were changed on the bill. The invoice was paid, but it was only after the fact that the business called the vet supplier to confirm that the bank details were actually different, at which time the scam was discovered.
$240,000 worth of fraudulent expenses has been ordered to be repaid after a U.S. federal judge ruled in a case against a former executive. Reports in the Financial Times said the executive was accused of filing fraudulent expense reports in which he used private equity funds to finance personal expenses like a bachelor party and a Super Bowl trip. In addition to ordering the former executive to pay a civil penalty for the fraudulent expense claims, the judge has rebuked his former employer for its internal policies that enabled the executive to get away with the expense scam for so long. According to the judge, Apollo Global Management was “recklessly indifferent about the source of his reimbursements,” and “significant liability lies with Apollo.”
$923,533 was stolen from a food bank in Philadelphia via a BEC attack, according to recent reports in Info Security Magazine. Philabundance, the region’s largest food bank, was in the midst of renovating its kitchen when it received a seemingly legitimate invoice from one of its construction suppliers. The nearly $1 million bill was paid before it was found to be a fraudulent bill sent via a spoofed email address. In a statement to the magazine, Lucy Security CEO Colin Bastable said that this attack “checks all the boxes of a successful BEC scam.”