EOFY to trigger spike in scams targeting finance teams
The rush to complete tax returns, bookkeeping and pay runs can make accounts payable teams particularly vulnerable to scams this time of year, a security software firm has warned.
Security software provider Eftsure has reminded businesses that end of financial year is often the time when scammers will look to target accounts payable teams as they are often busier and more stressed than usual.
"Scammers are aware of the flurry of admin duties, and they capitalise on feelings of urgency and chaos to trick beleaguered staff into making the wrong payments or giving the wrong information to the wrong people," Eftsure said in a recent article.
"Stressed staff are more likely to skip important controls or overlook the red flags that can identify a scam."
In 2023, victims lost around $2.74 billion to scams, according to data from Scamwatch. Around $4 million was lost to false billing scams during the 2022–23 financial year alone.
Eftsure said that while cyber criminals are always searching for new technologies and tactics for tricking employees of businesses, many will stick to the playbook of what has been successful in the past.
The security software firm said that phishing scams, for example, will likely surface again this time of year, with scammers impersonating legitimate sources such as the ATO or a financial institution and requesting personal or financial information.
"It’s important to remember that the ATO will never request sensitive information via email or phone, so be wary of any unsolicited requests," the firm said.
Business email compromise attacks are also common this time of year. In these attacks, cyber criminals access a company’s email system and impersonate staff, such as the CEO or CFO, to request fraudulent financial transactions.
Scammers are known to use effective psychological tricks to carry out these kinds of attacks.
"For example, scammers seek to deceive their victims into acting quickly, creating urgency. AP staff need training to help them identify which emails are legitimate and which are suspicious."
Accounts payable teams should also be vigilant for false billing scams, which are sent to businesses to deceive staff into paying for goods or services they never received.
"To protect yourself and your suppliers against these EOFY scams, it’s important to stay vigilant and adopt measures that minimise your risk. This includes basic security hygiene, such as multi-factor authentication and choosing strong passwords," the firm said.
Eftsure said it is important that businesses foster a strong security culture as EOFY approaches.
"This includes raising awareness about EOFY-specific risks, identifying EOFY scams and educating employees on how to differentiate between genuine and suspicious messages," it said.
It also said that CFOs play a crucial role in creating an environment of openness and transparency regarding potential data breaches.
"By encouraging staff to report any potential risks, organisations can cultivate a culture that motivates employees to be more proactive in identifying and reporting suspicious emails," Eftsure said.
"Staff should never feel shy to raise their hand and ask if a message is legitimate, or to promptly inform someone if they think they’ve clicked on something dodgy."