Cyber Brief for CFOs: September 2024
Each month, the team at Eftsure monitors the headlines for the latest accounts payable (AP) and security news. We bring you all the essential stories in our cyber brief so your team can stay secure.
Deepfake scams hit half of US and UK businesses
A recent survey by Medius reveals an alarming rise in deepfake-powered financial scams that target businesses. According to the research, over half of US and UK companies have faced such attacks, with 43% falling victim. 85% of finance professionals view these scams as an existential threat to their organisation’s financial security.
Deepfakes, AI-manipulated media, are increasingly used by criminals to con businesses. The scams often combine phishing techniques with social engineering and AI technology.
Deloitte predicts AI-enabled fraud losses could reach $40 billion in the US by 2027. High-profile cases — like the scam that resulted in Arup losing millions earlier this year — highlight these attacks’ sophistication and potential impact.
Study: dark web exposure tied to risk of cyber attack
According to a new study by Marsh McLennan's Cyber Risk Intelligence Center, organisations that appear in dark web market listings or tied to compromised accounts on the dark web are more than twice as likely to experience an attack.
It makes sense given that we know financial details are sold for cheap or even shared freely on the dark web. But how do you know whether your details have been exposed? A good starting point is our data breach checker , which can help you understand whether your personal email (or work email) has been involved in a breach.
1.7m individuals' credit card details exposed in Slim CD breach
In an incident that impacts nearly two million customers , hackers had access to the network of a prominent payment gateway provider, Slim CD, for nearly a year. The company recently notified customers that their credit card information, including numbers and expiration dates, may have been compromised.
领英推荐
While the unauthorised parties were able to view credit card information for only a few days, they also gained access to information like full names and physical addresses. Even if the information by itself is not enough to carry out financial fraud, we've explored how fragments of information can facilitate further attacks and scams. The more information scammers have about you or another person, the more efficiently they can hone their tactics or impersonate others.
Invoice fraud nearly wipes out Western Australia business
A Western Australian small business narrowly avoided financial ruin after falling victim to a $50,000 invoice scam . Wade Brown, director of Pure Glass WA in Margaret River, discovered unauthorised transfers from his company’s account to a fraudulent AMP account.
Despite swift action to alert Bankwest, the funds were not recovered. The bank denied liability — a position supported by the Australian Financial Complaints Authority.
The scam likely originated when a fraudster posed as a Telstra employee during an internet outage. Brown maintains that accessing the funds should have been impossible without a secure token. The incident illustrates a few concerning elements of today’s threat landscape:
Australia's Consumer Data Right to see 2025 reboot
The Australian federal government has announced a “reset” of the Consumer Data Right (CDR) to improve uptake and reduce access costs. Assistant Treasurer Stephen Jones launched a month-long consultation , citing high regulatory burdens and low consumer engagement as key issues. A recent report by Heidi Richards echoed industry concerns about the costly and ineffective rollout. However, fintech leaders remain divided, with some optimistic about CDR’s potential.
The government aims to expand CDR to non-bank lending by 2025, following a strategic review in 2024.