In 2022, scammers used deepfakes to trick cryptocurrency project founders into meetings. Deepfakes – artificial images or videos – are only one of the types of fraud that can occur in business. In this article, find out about the most dangerous types of fraud and how to fight them.
What is invoice fraud?
Invoice fraud might happen in two ways. The first involves a fraudster sending an invoice or payment request that is illegitimate hoping that it will be paid. A criminal sets up a shell company and invoices without providing any deliverables. The vendor does not exist and a busy company may not realize this. The second occurs when a scammer hacks a legitimate vendor’s email and sends false invoices from a true vendor.
By paying the invoice, companies are engaging in fraudulent transactions.
This type of scam cases affect companies without a fraud prevention strategy and contribute to financial losses. However, this wouldn’t be the only repercussion after the report of fraud is made public. Their relationships with customers could suffer due to a lack of trust after this system breach. These customers may look to find the services elsewhere. Additionally, other impacts include supplier reputation and company image.
Forbes’ Financial Professional Census found that the estimated cost of invoice fraud to middle markets businesses is a huge $280,000 per year. The cost of this activity all adds up. Even huge businesses like Google and Facebook have been caught out by this crime. A man duped the two companies out of more than $120 million using forged invoices, as well as fake emails and a fake business. This money was wired to bank accounts run by the fraudster which he then laundered to other accounts in different countries including Latvia, Cyprus, and Lithuania.
Both organizations have since got back most or all of the money lost and the fraudster was sentenced to five years in prison after pleading guilty to wire transfer fraud.
What makes CEO fraud dangerous?
CEO fraud describes a situation when an attacker may pretend to be your CEO, founder, or a high-level executive in the organization. Then, the fraudulent individual emails someone in the business who has dealings or access to company money. They may ask for an urgent fund transfer or access to sensitive data. The person using a false identity may use a desperate tone of voice to pressure the employee into a quick transfer to complete the scam. CEO fraud can be used to carry out bank account fraud.
FBI statistics say that CEO fraud is now a $26 billion scam.
There are a few ways to commit CEO fraud:
- Business email compromise
Business email compromise
Business email compromise involves using the CEO’s name and correct email address to impersonate them. The attacker could opt for a reply-to email address that is different from the CEO’s address so the reply goes straight to the fraudster. The employee may believe it is the actual CEO and make a transfer of funds or reveal confidential information.
Spoofing means that the offender will mimic the CEO but with a different email address. This is often a technique used in a phishing attack. It may be that the email address is only slightly different by a letter or two and this makes it hard to notice. This will mean the attacker hopes the attempt of financial fraud or information fraud is not noticed.
For example, the perpetrator may use an email with the address @trostpair.com as opposed to @trustpair.com – the real domain name. Without careful checks undertaken by the recipient and given that full email addresses aren’t always displayed right away, it is easy to be fooled. Spoofing is also commonly found in insurance fraud scams.
How does deepfake fraud work?
Deepfake occurs when a digitally altered image or video that shows someone saying or doing something that they are not. It can be very dangerous for that exact reason and drastically affect the reputation of the victim.
It can appear that a CEO has sent a video or called someone on the phone asking for the transfer of funds to a different account or banking provider. This is usually done with a sense of urgency. However, it isn’t actually the CEO who is behind it.
Deepfake scams are on the rise. Occurrences of this fraud have multiplied by 31 times from 2022 to 2023. It is one of the types of fraud investigation teams will have their work cut out dealing with, given how fast fakes can spread on social media.
In 2019, over in the UK, the chief executive of an energy firm got a call from his boss who was the chief executive of the organization’s parent company in Germany. He was asked to send nearly $240,000 into the account of a ‘Hungarian supplier’. However, this was not legitimate and it was a case of a deepfake – this form is known as vishing. The person committing the crime had used artificial intelligence voice aid to pretend to be his boss.
What does internal fraud involve?
Internal fraud is reasonably self-explanatory. It is when an employee takes advantage of their position and then misuses assets of the business for personal gain.
As many as 75% of employees in the United States have said they have stolen from their place of work at least once.
Internal fraud includes:
- Theft of cash
- Theft of property
- False invoice claims
- Personal use of an organization’s equipment.
Given that this can happen on a small scale and add up over time. It can take a length of time before the organization switches on to what is happening. An internal fraud event can cost a company $150,000 and a form of internal fraud happens in more than 9 out of 10 (91%) fraud schemes.
What is payment fraud?
Payment fraud happens when a cybercriminal diverts or creates payments illegally. There are a number of payment scams that includes:
- Intercepting a check, altering the details, and trying to cash it in
- Creating fake customer profiles and trying to make false payments
- Using a stolen identity to make transactions on the identity’s behalf
- Stealing a credit card, credit cards, or personal details to make a purchase
- Following a loan, a business may be duped into paying a fee
It is a common and costly form of fraud. Data shows that merchant losses due to payment fraud are expected to hit $362 billion between 2023 and 2028.
Trustpair helps fight and protect against payment fraud thanks to continuous account validation. We check account information (bank account number, business ID, etc) continuously to make sure there is no anomaly or suspicious activity. We alert you in case of any data changes to help ensure security across your payment chain.
Learn more about payment fraud in our latest fraud report!
How does vendor fraud threaten businesses?
Vendor fraud surrounds improper and illegal payments that are made to vendors – real and fake. This is often done through the change of a payment detail request.
It is dangerous as suppliers could be impersonated by fraudsters. To do that, a cybercriminal could tell the victim that their payment details (bank account number for example) have changed and provide new account or card details for the transaction.
A common trick is that they ask for the money to be sent urgently to shorten the exchange, giving the recipients less time to consider what is happening.
Sometimes, the supplier’s email could be hacked and this could appear even more genuine. It may be weeks before managers become aware of fraudulent behavior when the supplier does submit a real invoice.
A good example of this fraud is what happened to Sade Telecom. The group received a request for the change of bank details via post from a well-known supplier and the payment was made. Weeks later they had a late payment reminder and it was then they realized that mail fraud had occurred. They had been a victim.
In this case, a chargeback claim was made but Sade Telecom was still hit with notable financial losses.
Another of the consequences of fraud is that victims will assess and upgrade their processes. Sade Telecom reviewed the security of its payment processes and opted to work with Trustpair to provide real-time checks of bank, company, and database information. Now, fraud events in banking like this won’t have the financial impacts like debt that they have once had. This is thanks to Trustpair’s account validation system and alerts of data changes.
In the modern society we live in, there are many different fraud schemes that businesses ought to be aware of. Some of the most dangerous types include CEO fraud, deepfake fraud, invoice fraud, and asset misappropriation. It is worth taking measures like investing in fraud protection with Trustpair so that you are alerted of any data changes.