The Predicament Of C-Suite Fraud And Government Cyberattacks

Australia is the land for some underhanded doings from scammers attacking small businesses for payments fraud — targeting two-thirds of SMBs, according to a Norton LifeLock study. Separately, 93 percent of SMBs in the U.K. are unable to recover the vast majority of funds lost to fraud.

Fraud knows no boundaries. In the B2B space, the latest cases are spread across North America, Australia and the U.K.

In the U.S., new reports from The New Yorker this week dove into how the current CFO of the National Rifle Association (NRA) allegedly embezzled funds from his last company, employee benefits consulting firm the Wyatt Company. Aside from the political implications of such claims, The New Yorker‘s report pointed to the fraud risks that organizations face, even from the C-Suite.

According to reports, the Wyatt Company’s accounts payable (AP) department received a call from one of its service providers, Associates Relocation Management (ARM), which alerted Wyatt of an unpaid bill. The AP department, however, had a record of paying ARM. It was then revealed that the check was not deposited into the company’s bank account, but routed into a Maryland account owned by NRA CFO Wilson H. Phillips, Jr.

The report claimed that Phillips ultimately embezzled at least $1 million from the company. It also highlighted the predicament that organizations face if a C-Suite executive is found committing fraud.

“Wyatt’s doors would have closed if the company prosecuted him,” said Mary Hughes, Wyatt’s AP manager, in an interview with the publication. “I mean, we were dealing with people’s money, and our CFO was stealing.”

Similar predicaments of public image arise when a government falls victim to fraud.

In Florida, The New York Times reported on Thursday (June 20), government officials of Riviera Beach voted to pay nearly $600,000 worth of ransom to hackers, just weeks after Baltimore paid $18 million for a similarly crippling ransomware cyberattack against government systems.

Riviera Beach, with a population of 35,000 people, is the latest government victim of cyberattackers, which reports said are “emboldened by their increasingly sophisticated ability to target government agencies,” citing remarks from Jason Rebholz, a MOXFIVE principal and ransomware expert. The cyberattack on the city was launched when a member of its police department clicked on an email attachment with an infected link.

Finally, in Texas, the Better Business Bureau (BBB) is warning small businesses (SMBs) of the latest twist on the Business Email Compromise (BEC) scam: fraudulent requests for proposals with PDF attachments infected by malware.

Canada’s Crypto Case

In Canada, The Block pointed to a new report from EY, which has been appointed as monitor of QuadrigaCX, the now-defunct cryptocurrency exchange that suddenly closed following the death of its Founder and CEO Gerald Cotten. The story hit a new twist this week, though, with EY finding evidence that Cotten embezzled cryptocurrency to his personal accounts, and that the company’s infrastructure was “significantly flawed from a financial reporting and operational control perspective.”

Australia’s SMB Scam Surge

For payments fraud, the land Down Under seems fertile ground, too.

A study by cybersecurity firm Norton LifeLock, as detailed in, found that the smallest firms — self-employed individuals and SMBs — are reporting an outsized number of scams, as compared to their larger brethren. Twice as many, as a matter of fact.

The scams range from false billing to outright hacks. As much as two-thirds of SMBs have been targeted by fake email ploys, while 80 percent self-employed individuals, micro-businesses and small businesses are concerned about identity theft.

As reported, Norton Territory Manager Mark Gorrie said fake invoice scams and Australian Taxation Office impersonations have become “common” as financial year-end tactics.

“Tax time in particular is like Christmas to cybercriminals,” he said. “Employers need to educate their workers on security policies and best practices, such as having up-to-date comprehensive security software, strong and varied passwords, and the ability to identify fake emails to mitigate risks.”

In The UK, Too

Separately, as much as 93 percent of SMBs in the U.K. are unable to recover more than half of the losses caused by payments fraud. That’s according to research from Bottomline Technologies, which found that, per data spanning hundreds of firms, 45 percent of businesses have been hit by fraud within the last 12 months.

The average financial loss caused by fraud, as reported by, came in at more than £240,000 (just over $305,000 USD). Forty-seven percent of those companies surveyed, said Bottomline, recover 20 percent of losses.

Bottomline’s results showed that 78 percent of respondents are worried “a fair amount” or a “great deal” about cyberattacks, and about 68 percent of respondents are worried about falling victim to payment scams. In addition, one in six respondents are worried a “great deal” about fraud committed from within the company.