Holiday Season Brings Corporate Payments Fraud Spike

’Tis the season for corporate fraud?

The holidays are unfortunately one of the busiest times of the year for fraudsters looking to capitalize on the surge of shopping and payments activity. In the U.S., the FBI recently issued a warning for holiday shoppers of a new scam called eSkimming, in which cyber criminals hack into legitimate online retailer websites to steal shoppers’ credit and debit card details.

Unfortunately, this time of year fails to bring relief for businesses that fall victim to corporate and B2B payments fraud, too.

Recent reports in The Seattle Times warned that during the holidays, scammers are increasingly targeting small businesses with phishing email attacks pretending to be an executive or boss, requesting that an employee procure gift cards. The scam then requests the employee to submit those gift card numbers to the “boss” over email, falsely claiming that the gift cards are gifts for employees and others.

“When it appears to come from a boss or CEO, I think there is that tendency among employees to follow those directions,” said Sherrod DeGrippo, senior director of Threat Research and Detection at Proofpoint, in an interview with the publication. “They’re playing on their emotions.”

The holiday season can also mean charitable organizations become bigger targets as more donations roll in, as the Salvation Army recently discovered. (More on that below.)

This week’s B2B Data Digest dives into the latest statistics of fraud targeting corporate funds through internal employee scams in the accounts payable (AP) and payroll departments, and external frauds that reflect the growing threat of cyberattacks.

83 percent of businesses made a cross-border payment in 2019, new research from Tipalti conducted by Levvel Research found. Yet, analysts warn, as cross-border B2B payment volumes rise, so does the risk of fraud. Thirty-three percent of the 450 North American professionals surveyed said they are concerned about fraud, while more than one-quarter cited concerns over data security in particular.

60 percent more ransomware attacks were recorded this year, new data from Kaspersky Labs found. The year-over-year surge in ransomware largely targeted municipalities and their subset organizations, highlighting a shift in ransomware targets from corporates to government entities. According to analysts, while municipal organizations cannot pay out ransoms as large as corporates can, analysis suggests they tend to heed demands for the ransom more quickly. However, as Kaspersky security researcher Fedor Sinitsyn noted, paying the ransom only encourages the cyberattackers to continue the crime.

$200,000 was reportedly stolen from the Salvation Army at its North Carolina district headquarters. Reports in WSOCTV said a payroll director at the Salvation Army district headquarters has pleaded guilty to one count of wire fraud. Prosecutors said the payroll director generated prepaid debit cards under the names of other employees, only to use those cards herself and withdraw funds from ATMs.

$3.2 million was allegedly stolen from a Pennsylvania municipality via an AP and payroll fraud, Delaware Online reported recently. An employee of the Kennett Township municipality is accused of stealing the funds by writing checks to herself and making payments to her personal credit card accounts via Kennett Township’s accounts, as well as falsifying her working hours to inflate compensation, and of misusing the township’s commercial credit card. The case was uncovered after Capital One’s fraud department notified Kennett Township officials of suspicious activity.