BBB: What should you do if your organization has lost money to a BEC fraud?

 

According to the Better Business Bureau study of Business Email Compromise Scams:

  1. If an organization finds that it has been a victim of a BEC fraud, it needs to immediately call its bank to stop the payment and report it to the FBI in the U.S. or the Canadian Anti-Fraud Centre in Canada. If a report is filed within 48 hours, there is a chance the money can be recovered.

  2. Complain to the FBI’s Internet Crime Complaint Center (IC3). IC3 also asks people to report unsuccessful BEC attempts. Information from attempts may help establish patterns or identify mule bank accounts.

  3. Complain to the Canadian Anti-Fraud Centre: 1-888-495-8501.

  4. Report fraud to BBB Scam Tracker.

We are recommending two more:

  1. If the threat impersonated the IRS, report it to phishing@irs.gov.

  2. Vendor Maintenance Training to protect against fraudulent payments:

New Scam Alert: Using Fake Performance Appraisals as Phishing Attacks


Phishing is nothing new, and we know that cybercriminals are always evolving in their quest to steal your business credentials. What better way to get employees to click than to tie the message to performance appraisals?

How to thwart it? Use multi-factor authentication so that a stolen password alone is not enough if any of your accounts are compromised. Also, since many company performance appraisals are on the company intranet, refrain from clicking links in email and navigate to the appraisal through your company intranet instead.

Security Intelligence has the story here.

New Scam Alert: Don't Fall For Phishing Scam for Amazon Overdue Bills


The scam email claims to be from Amazon Web Services and uses a realistic logo and font to inform users their "services have been suspended." The overdue amount is a middling $4.95, and clicking the link to take care of it transports you to a landing page with space to enter your Amazon account information. Once entered, you're kicked to the real Amazon.com.

By then, hackers already have your Amazon username and password.

Komando has the full story here.

6 Phishing Attacks and How to Combat Them

  1. Deceptive Phishing

  2. Spear Phishing

  3. CEO Fraud

  4. Vishing

  5. Smishing

  6. Pharming

Have you heard of them all? Do you and your staff know how to combat them? Tripwire has the full story here.

If you work in Accounts Payable, check out my Authentication Guide to authenticate vendors when they call on the phone or send an email.

New Scam Alert: Fake Voicemail Notifications in Email as Bait


Scammers are trying to access Microsoft services using fake voice message notifications. Make your employees aware that they should not click the link, which requests a sign-in on a phishing site built to steal their Microsoft credentials.

Kaspersky Daily has the story: http://bit.ly/2ojuYc9

October 2019 National Cybersecurity Awareness Month

Debra R Richardson, LLC is a National Cybersecurity Awareness Month 2019 Champion. We're committed to #BeCyberSmart – are you? #CyberAware staysafeonline.org/ncsam/champions/

Follow #StayCyberHappy during October for my Daily Tip to Protect You, Your Vendors & Your Company!


New Scam Alert: Change Your Calendar Settings to Avoid Fraud


Cybercriminals are taking advantage of calendar settings that automatically add invitations. The invite includes fraudulent links or downloads, which the user is more likely to open because their guard may be down in the calendar: they assume they accepted the invite and forgot about it.

Change your calendar settings (Google, Outlook, etc.) so that invitations are not automatically accepted.

The Better Business Bureau has the story.

AP Appreciation Week & AP Fraud Week - AP Now: October 7 - 11, 2019


Debra R Richardson LLC is a proud supporter of AP Appreciation Week (October 7-11, 2019), which will also be AP Fraud Prevention Week. Everything we do this week will be focused on helping you protect your organization against fraud. There is absolutely no charge to participate.

This year, the focus is fraud prevention. Every professional concerned about protecting their organization against fraud is invited to participate. 

How to Participate: You can register to participate simply by sending an email to publisher@ap-now.com with the words "AP Week" in the subject line. 

Again, there is absolutely no charge for any of this. 

As in the past we'll have a free give-away each day as follows: 

• Monday - join us for Payables Anatomy where we'll provide you with a Fraud Prevention checklist 

• Tuesday - join us for Payables Investigators where we'll share an article loaded with tips on how you can prevent fraud. 

• Wednesday - play Payables Fire with us as we share a quiz you can use to test your Fraud Prevention knowledge 

• Thursday - join us live for This is Payables where everyone is welcome to attend our new webinar, How to Recognize New Frauds in Accounts Payable. If you can't make the live presentation, we'll share a link that will be good until the end of the month. 

• Friday - Play Game of Payables with us as we share a puzzle with a Fraud Prevention Twist 

Each morning, except Thursday, you will receive an email with the item shown above. 

How to Participate: You can register to participate simply by sending an email to publisher@ap-now.com with the words "AP Fraud Week" in the subject line. 

Again, there is absolutely no charge for any of this. All participants will also receive AP Now's twice-a-week news alert. 




North Carolina county falls for BEC scam, to the tune of $1,728,083


The North Carolina county of Cabarrus, in the US, says that it’s managed to claw back only some of the $2,504,601 it paid to a scammer posing as a contractor working on building a new high school.

The crooks used social engineering – specifically, what’s known as a Business Email Compromise (BEC) scam – to pose as Branch and Associates, which is a general contractor that’s working on building a new school for the Cabarrus County Schools District.

The scam came to light after Branch and Associates sent a courtesy notice about a missed payment on 8 January. County staff confirmed that the electronic funds transfer (EFT) had, in fact, cleared the month before.

County officials next notified the bank to which the $2.5m was transferred, Bank of America. The bank managed to freeze $776,518.40 of the $2,504,601 that remained in traceable accounts.

Continue reading on Naked Security.


Authentication. Validation. Management. TM.jpg

Use authentication techniques, internal controls and best practices in Vendor Setup & Maintenance to protect your vendor master file from fraud.

Cabarrus County hires consultant to help train, protect future assets after scammed out of millions


CONCORD – Social engineering and phishing scams are becoming more prevalent among companies and organizations.

The Cabarrus County Government disclosed Monday night that they are still missing more than $1.7 million after a social engineering scam diverted a $2.5 million vendor payment made by the county.

To protect their future assets, the county hired Oklahoma-based accounts payable consultant Debra Richardson to train staff and redesign its vendor processes and review vendor files.

She consults, trains, provides tips and gives directions to accounts payable teams on how to avoid sending out a fraudulent payment.

Read the rest of the Chicago Tribune article here



How I Helped Cabarrus County After Their Social Engineering Scam. I Can Help You Too...


Great mention of my services: "Cabarrus County government targeted in social engineering scam" - Business Today http://bit.ly/2YvzSPC



Guest Appearance: Protecting your accounts payable function from cyberattack

 

Kip Boyle, CEO of Cyber Risk Opportunities, and Jake Bernstein, JD and CyberSecurity Practice Lead at Newman DuWors LLP, talk with guest Debra Richardson about how finance professionals should protect their company from common financial cyber fraud.

Two Day Seminar: Accounts Payable Best Practices (New York - June 27-28, 2019)


The accounts payable function is changing at a dizzying pace. Technology, new frauds and regulatory changes are all taking their toll. What worked yesterday may not work today. Given the current business environment, mounting regulatory pressures, and the increased visibility and importance of the accounts payable function, best practices are something with which every professional needs to be conversant. Unfortunately, keeping up to speed these days can be like herding cats. While some best practices remain steadfast, others simply no longer work and are being replaced by new practices just now appearing.

The talk will include a discussion of the newest best practice every organization should implement to ensure crooks don't get their hands on money or sensitive information. This is one session you might want to invite your colleagues in accounting, auditing and payroll to so they implement appropriate best practices and are not bamboozled by some of the newest frauds.

To learn more click here.

AP-NOW Webinar: Master Vendor File Validations Best Practices - August 7, 2019

When: August 7, 2019
Time: 1:00 p.m. EST (noon CST; 11:00 a.m. MST; 10:00 a.m. PST)
Where: Your office

 Information about The Master Vendor File Validations Best Practices webinar can be found here.

Until recently, one of the often-overlooked areas in accounts payable was the master vendor file; specifically, the data that was entered without any verification whatsoever. However, the recent spate of new electronic payment frauds highlighted the very real danger of entering information without verifying it.

That’s why we’ve invited Debra Richardson to share her considerable expertise on how validations should be conducted and where to get the information you may need to complete these data validations.

After this session, you will be able to:

  • Create best practice processes for validating critical vendor data

  • Identify the 11 vendor validations and know how to perform them

  • Explain the reasons for these validations to management

  • Craft practices to validate bank data collected

  • Recognize other considerations that need to be taken into account when setting up vendors

And more.

Bonus: Each attendee will receive their own Vendor Validation Reference sheet, which contains links to or information about 24 different items. While most won’t use all the links, everyone will benefit from at least nine of them.

Prerequisites: None
Program Level: Intermediate
Advance Preparation: None
Format: Group Internet-Based (Webinar)
CPE Credits: 1.0

About our Expert: Debra Richardson, Owner, Debra R Richardson, LLC, is an accounts payable speaker, consultant, and trainer with over 20 years of experience in AP, AR, general ledger, and financial reporting for Fortune 500 companies including Verizon, General Motors and Aramark.

For eight years, Debra has focused on Global Vendor Maintenance, and implemented a vendor self-registration portal for 140k+ global vendors across five ERPs. In her consultancy, she focuses on authentication techniques, internal controls and best practices to prevent fraud in the vendor master file.

Debra now focuses on helping accounts payable teams protect the vendor master file from fraud.

CRYSTALLUS Inc. is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be addressed to the National Registry of CPE Sponsors, 150 Fourth Avenue North, Suite 700, Nashville, TN, 37219-2417. Web site: www.nasba.org.

National Small Business Week May 5 - 11, 2019

Happy Small Business Week! With more than 30 million small business owners nationwide, neighborhoods and families depend on your success.

Click here for free employee training.

Click here for Small Business Cybersecurity “Quick Wins”


Phishing Training and Internal Controls = More Effective


Enlightening Phishing quiz, but you can't rely on all employees spotting phishing attempts 100% of the time. Use internal controls and processes that will stop phishing attempts from being processed. Click here to take the quiz.

Learn more about Authentication Techniques, Internal Controls and Best Practices.

New Book: Fire Doesn’t Innovate: The Executive’s Practical Guide to Thriving in the Face of Evolving Cyber Risks


I recently reviewed this new book. It is written for the executive, not the IT team. The message is to treat cybersecurity as another business risk and implement processes and controls to mitigate it. Kip gives the framework and makes it understandable with real-world examples. This book is truly a guidebook to reduce the potential for fraud and protect businesses of all sizes from today's cyber risks.