SEC Issues Corporate Fraud Warning As BEC Scams Climb

The risk of fraud continues to climb for organizations of all sizes as the latest data reveals third-quarter spikes in business email compromise and ransomware scams. This week’s B2B Data Digest takes a look at the numbers behind those spikes, finding small businesses to be particularly at risk. Plus, the latest allegations of fraud hit the PPE supply chain, and the U.S. Securities and Exchange Commission issues a dire fraud warning.

30 cyber alerts have been issued by the U.S. Securities and Exchange Commission in October alone as the SEC warns that cyberattacks against corporations are on the rise. Increasingly, the concern has turned to ransomware and credential compromises, with authorities urging businesses to implement multi-factor authentication measures to protect their data. “Cyber risks have not gone away with the unfortunate, unforeseen risks we’ve faced with COVID and other uncertainties in our economy,” SEC Chairman Jay Clayton said to CNBC. “They’re still there, and they’re there more than ever.”

155 percent more cases of invoice and payment fraud hit organizations from Q2 to Q3, the latest analysis from Abnormal Security has found. Business email compromise scams spiked 15 percent during the period, too, with researchers finding that BEC attacks increased across 75 percent of the industries surveyed. The retail/consumer goods and manufacturing sectors were particularly susceptible to invoice and payment fraud, with brands including DHL, Dropbox and Amazon ranking as the most impersonated by cyber attackers, researchers said.

$21,000 was reportedly fraudulently charged to a corporate card by a former Bank of America analyst in India, Business Insider India reported recently. According to a complaint, the individual misused his company credit card for personal purchases and has failed to pay the company back. The individual claimed that he lost the card, however, and that he was not the one making the purchases in question. The case raises the issue of commercial credit card security and the problems that arise whether an employee intentionally misuses the card or it is lost and at risk of fraudulent misuse.

$150,000 was allegedly stolen from the University of Otago in New Zealand, local reports said, with a couple accused of setting up a false software company and establishing it as a supplier to the university. The individuals are then said to have submitted fraudulent invoices to the university from the fake company, routing the payments to their personal accounts. While the couple has avoided jail time, local reports said the individuals have been sentenced to 10 months’ home detention.

$233,817 is the average ransomware payment an organization makes to regain control of its systems, according to new data from Coveware. Researchers examined cases of ransomware attacks in the third quarter of 2020 and found that the average payout rose 31 percent. Further, the average business interruption time is now 19 days, up 19 percent quarter over quarter. Businesses with up to 1,000 employees made up 73 percent of ransomware targets. According to analysts, there is an increasingly troubling trend of businesses not regaining access to data or control of systems even after a ransom is paid. As a result, Coveware is urging organizations to think diligently about their response strategies.

$59 million worth of medical masks are missing as a U.K. government procurement deal collapses, and authorities suspect fraud, according to The Guardian. The U.K. Department of Health and Social Care had procured the PPE items from supplier Purple Surgical, with payment made upfront. However, according to reports, the supplier has not provided the items ordered, and Purple Surgical is claiming fraud from its own vendor, a supply chain issue that reports said highlights the complexities of the global PPE supply chain.