Invoice Fraud Strikes Amazon In $19M Scam
In a case that highlights how anybody — truly, anybody — can be a victim of invoice fraud, federal officials have reportedly charged two brothers in New York State for an alleged $19 million scam targeting Amazon.
The eCommerce conglomerate issued a press release late last
week announcing its cooperation in the investigation and prosecution of the
individuals charged by the United States Attorney's Office for the Southern
District of New York. The allegations, outlined in a separate announcement by
the District Attorney's Office, claim the brothers "manipulated"
Amazon's vendor system to have the company pay for goods Amazon never actually
purchased.
In a statement, Acting Manhattan U.S. Attorney Audrey Strauss
described the scam as "a new twist on an old trick" through the use
of "complex technology."
In another statement, HSI Special Agent-in-Charge Peter C.
Fitzhugh warned, "Invoice fraud is not a victimless crime. Millions of
dollars in lost revenue negatively impacts a company's ability to provide
cost-effective services to legitimate customers who use the vendor's platform."
This week's B2B Data Digest looks at the rising threat of
the business email compromise (BEC) scam and invoice fraud on companies of all
sizes in the U.S., Canada and the world over.
A 60 percent increase in ransomware payments signals
continued B2B payment attacks, according to the latest data from Coveware.
Reports in Security Boulevard said that the 60 percent spike occurred in just
three months, with the average payout being $178,254 for Q2 2020, compared to
$111,605 in Q1.
Analysts pointed to several high-profile ransomware cases
that hit large enterprises, including Canon and Garmin, as a contributor to
the higher payout values. Yet with companies of all sizes working from home,
ransomware attacks are also on the rise among smaller firms. A 41 percent
increase in remote desktop protocol (RDP) sessions for professionals working
remotely has created a broader landscape of vulnerabilities for attackers to
target businesses, researchers said.
389 percent more BEC scams hit U.S. businesses between Q1
and Q2, per new Abnormal Security research revealed in its Quarterly BEC Report
for Q2 2020. The analysis found that, despite the surge, COVID-19-themed
BEC scams appear to have already peaked. Yet for the attacks that remain,
there has been an increase in those targeting employees within finance
departments rather than C-level executives. Vendor fraud is fueling a 112
percent increase in payment and invoice fraud attacks, researchers noted,
adding that Q2 data show a spike toward the end of June, with Abnormal finding
an increase in payment and invoice fraud attacks related to the coronavirus for
the first time during the quarter.
"The pandemic has ignited digital transformation
efforts at a breakneck pace and cybercriminals are moving just as fast, taking
advantage of a new work-from-home landscape amid great business
uncertainty," stated Evan Reiser, co-founder and CEO, Abnormal Security.
1,000+ companies around the world using Office 365 have been
targeted by BEC scams, new research from Trend Micro has revealed, according to
Gov Info Security. Reports said the fraudsters have stolen more than 800 sets
of credentials in an attempt to commit B2B payment fraud via spear-phishing
attacks.
The report said that the attack began with
cybercriminals infiltrating email accounts to facilitate their phishing
attacks, with analysts finding that these fraudsters targeted high-level
executives in finance departments in particular.
$14.8 million in BEC-related losses hit Canadian businesses
in the first half of 2020, with a total of 951 spear-phishing reports, warns
the Canadian Anti-Fraud Centre. BEC attacks are on the rise in Canada, analysts
say, according to reports from IT World Canada.
Unsurprisingly, experts have pointed to the COVID-19 crisis
as a key factor behind the rise in the scam, which involves fraudsters stealing
company credentials, posing as legitimate vendors or submitting fraudulent
invoices in an effort to infiltrate companies' accounts payable departments and
reroute supplier payments into criminal bank accounts.
While credit card fraud volume may be higher, experts warned
that BEC scams tend to result in higher payouts for fraudsters, and the
coronavirus is making it even easier to siphon funds out of business bank
accounts due to employees working remotely.
"Because of all the remote access, there's a lot less
in the way of controls," said Payment Software Co. VP Tom Arnold in an
interview with the publication. "It's quite a problem."