Invoice Fraud taking Queensland by Storm – what you need to know
As you may have heard, a number of Queensland organisations have been hit by invoicing scammers impersonating senior leaders, such as directors and CEOs, and sending fake emails to unsuspecting staff or debtors requesting payments.
Hundreds of thousands of dollars have already been reported stolen, with many businesses still unaware they have been hit. We have even seen one of our charity clients suffer an attempted fraud in exactly this manner. Luckily, the organisation's employees took the appropriate action by halting payment of any amounts until the CEO could be contacted for confirmation, thus saving the organisation from losing many thousands of dollars in donations and grant funding.
Businesses are advised to be suspicious of unexpected emails containing urgent demands for large sums of money by any person – including CEOs and other senior leaders – and are urged to verify the requests directly with the person involved, and follow all governance, due diligence and cash payment processes established by the organisation.
To help protect your business against invoicing scams, CERT Australia, the Government’s national computer emergency response team, recommends the following steps:
- Consider adding a second method of verification for large financial transfers, such as verbal verification between employees.
- Alert employees to be vigilant with regard to these incidents, especially those conducting or authorising wire transfers or similar financial instruments.
- Do not reply to the email.
- Sender Policy Framework (SPF) checking should be implemented to detect and prevent sender address forgery.
- Review network logs for evidence of the indicators provided in this Alert.
- Configure mail servers and mail scanners to block and remove emails with the indicators provided in this Alert.
- Report identified activity to CERT Australia.
To stay abreast of these types of scams and to receive future scam alerts, visit Stay Smart Online and subscribe to the “Alert Service” provided by the Department of Communications.
Our auditors often find that controls around “masterfile” access and changes are particularly poorly implemented in most organisations' control environments. Improvements in these areas are a key part of reducing the fraud risk for any organisation.
Audits play a crucial role in having visibility of controls, as well as managing and minimising the risks in a business. At Hanrick Curran our risk-based audit approach focuses on systems and internal controls, enabling pinpoint analysis of areas of risk, weaknesses in control and inefficiencies in business processes. To leverage our experience to reduce the risks in your business operations, contact your usual Hanrick Curran adviser or speak to our Audit Directors, Matthew Green or Michael Georghiou, on 07 3218 3900.
Authored by Lara Lonsdale and Matthew Green.
Please note that this publication is intended to provide a general summary and should not be relied upon as a substitute for personal advice.