Business Email Compromise Attacks Raise Corporate, Bank Alarms

While the threat of cyberattacks continues to impact organizations directly, businesses of all sizes are also facing threats from their own supply chains. The latest data suggests that the business email compromise (BEC) scam continues to plague firms and their banking partners, with cybercriminals going after business partners and suppliers, and expanding their target base from there. PYMNTS rounds up the latest stats from this threat, plus more stories in the world of B2B fraud, below.

2.3x more fraud attempts have hit small businesses compared to larger companies, according to data released earlier this month by Strategic Treasurer. In its 2021 Treasury Fraud & Controls Survey, the company found that one-fifth of fraud experiences had some connection to the coronavirus crisis. Meanwhile, it’s not only small businesses and larger firms concerned about fraud: according to the report, 86 percent of financial institutions say BEC is their greatest threat in the coming two years. In a statement reported by Help Net Security, Strategic Treasurer Managing Partner Craig Jeffery said, “Ultimately, we are seeing digital warfare escalation, in which firms are meeting the criminal use of automation with their own defensive tools and controls.”

8 government entities in the U.S. have so far issued data breach notifications, the result of so-called Cuba Ransomware attacking the Automatic Funds Transfer Services (AFTS) used by members of the public sector to process payments. According to Bleeping Computer reports, those exposed to the attack include the California Department of Motor Vehicles, as well as five cities in the state of Washington. Reports said the perpetrators of the ransomware attack have claimed to have stolen “financial documents, correspondence with bank employees, account movements, balance sheets and tax documents.” In addition to running the risk of compromising the data of individual citizens, the cyberattack may also raise concerns over the ability of attackers to infiltrate government entities’ supplier payment and banking workflows.

20 employees or fewer is the new, temporary threshold for Paycheck Protection Program (PPP) loans, a new initiative by the Biden administration designed to alleviate the pressures many small businesses are facing in their efforts to access federal aid. According to a recent report in The New York Times, in addition to challenges stemming from an overwhelming demand for aid, fraud checks have become a source of friction for many PPP applicants. The first round of PPP loans was designed to dole out funds to as many businesses as possible, thus eliminating many traditional safeguards to combat fraud, reports said. As a result, the second round has taken a more aggressive stance to combat fraud, but now, some businesses and lenders are finding that those measures are actually hampering efforts to get funds into the right hands. According to the publication, “false red flags” continue to be a problem in this latest round of PPP funding.

144 percent higher average costs of BEC are being reported to the FBI’s Internet Crime Complaint Center (IC3), according to new data from Abnormal Security. The report, which analyzed cyber events at corporates between Q3 2020 and January 2021, found that, in addition to the higher likely costs of a BEC scam, there is also an 82 percent increase in the chance that companies will be attacked via a SolarWinds-style vendor email compromise (VEC) attack. “Throughout 2020, threat actors increased attacks on enterprises using novel and sophisticated social engineering techniques to infiltrate trusted supply chain communications,” said Abnormal Security CEO and Co-Founder Evan Reiser in a statement. “To stop these attacks, large enterprises need the right technical controls to identify vendors that have been compromised.”