Cybersecurity Guide for CFOs 2022
The Essential Cybersecurity Guide for CFOs is a must-read for modern CFOs. With the rise of threats like Deep Fakes, it's crucial to be aware of potential risks and learn how to protect your organisation's financial assets from malicious cybercriminals.
Deep Fakes and Payment Scams
Imagine you are the CEO of a large energy firm. One day you receive a phone call from the boss of your German-based parent company. He requests a favor, asking you to make an urgent payment of US$243,000 to a supplier on his behalf, promising reimbursement later the same day.
You have previously spoken to the boss of your parent company numerous times and immediately recognize his German accent. The incoming call is from the correct mobile phone number, so you process the payment.
This scenario actually happened. After the CEO processed the funds, he received a second call, supposedly from the parent company’s boss, stating that the reimbursement had been sent as promised. However, a third call came from an Austrian number, requesting additional funds, which raised suspicion.
Uncovering the Truth
After investigation, it was revealed that the CEO had been scammed. Fraudsters used AI software to mimic the German boss’s voice. The funds were transferred to a “supplier,” then sent to a bank account in Mexico and dispersed to other accounts, making it nearly impossible to trace the fraudsters.
A New Attack Vector
This incident is an example of a new attack vector employed by scammers known as “Deep Fakes.” These scams use sophisticated AI technology to mimic people in video and audio formats. According to the Australian Strategic Policy Institute, Deep Fakes can create new content or manipulate existing content, posing significant risks.
As Deep Fake technology becomes more sophisticated, cheaper, and accessible, there is likely to be an increase in this type of fraud. Tools like Lyrebird allow users to create synthesised voices, making detection difficult.
How can Eftsure help?
The use of Deep Fakes by fraudsters presents a challenge for Accounts Payable teams. Typical controls, like call backs, are no match for such technologies. Eftsure offers a solution by aggregating banking data from over 3 million Australian organisations. Before processing EFT payments, banking details are cross-referenced against this database to verify their validity.
While call back controls remain important, they may be vulnerable to Deep Fakes. Eftsure provides a level of knowledge that call backs cannot achieve, automatically notifying you when banking details match the database or when further investigation is needed.
Contact Eftsure today for a no-obligation demonstration of the power of aggregated knowledge-sharing.
