Defence Against Fraud and Cyberattack

The COVID-19 pandemic is a social, public health and economic crisis, but it is also proving a lucrative opportunity for fraudsters, organised crime gangs and hackers, with a significant increase in the number of fraud events and cyberattacks since the onset of the crisis. At a time of degraded operations and personal anxiety, organisations and individuals are at their most vulnerable, so how can treasurers protect their financial and data assets, and shield their employees, at such a challenging time? Many of us are working and socialising in different ways, from Zoom meetings and exercise classes to Houseparty quizzes and drinks parties. Criminals are exploiting this new traffic, for example by sending fraudulent meeting invitations, to spread malware.

“We started to see coronavirus-related malware campaigns at the start of 2020. These continued in February but have expanded massively in March and April. During this period, we have seen a 500% rise in COVID-19-related phishing emails, and three or four campaigns targeting 200,000 users or more every day. In a period of one week alone, over 50,000 malicious domains relating to the pandemic were registered for fake apps and information sites etc., designed to harvest user credentials and create misinformation and deception campaigns.”— Ingvar Van Droogenbroeck, Partner, PwC

The risk of fraud, whether originating internally or externally, has also increased during the crisis. People are more isolated, and therefore more susceptible to fraud, particularly given the additional distractions of children at home, personal anxiety and possible sickness. Business continuity processes and controls may differ from normal if access to treasury tools is reduced and/or staffing levels are constrained.

A Time of Heightened Vulnerability

All industries are vulnerable to the elevated risk of fraud and cyberthreat, but many criminals have targeted healthcare sectors and hospitals in particular, as they seek to exploit the extreme pressures that these organisations are facing. Identity theft continues to predominate, but fraudsters have quickly adapted to current events and exploited the crisis. We are seeing a particular surge in supplier fraud as criminals pose as suppliers of medical and protective equipment, but other types of identity theft, such as CEO fraud and technician and support fraud, still pose significant risks.

“Fraudsters setting up professional-looking websites and posing as genuine suppliers are exploiting many companies’ urgency to acquire equipment such as face masks and sanitizer. Some organizations have experienced losses of hundreds of thousands and in some cases, even millions of euros. As a variation on CEO fraud, scammers are using the crisis to request the urgent transfer of funds, for example in order to make charity donations. Treasurers are reporting fraudsters impersonating subsidiaries. Highly convincing emails and phone calls are claiming a lack of liquidity during the crisis and requesting funding, but using fraudulent bank details. Fake technician fraud is also prevalent, such as pretending to be the bank to help resolve incorrect or incomplete payment files.”— Nicolas Trimbour, Head of Fraud Prevention and Data Intelligence, Cash Management Competence Centre, BNP Paribas

Tackling the Fraud and Cyberthreat

Tackling the changing but ever-present threat of fraud and cyberattack is not a responsibility for one department alone, but a shared responsibility in which every individual plays their part, for example:  

IT Departments

  • Secure remote working practices
  • Regularly test infrastructure security and ensure remote defence capability
  • Protect and keep users informed about changing threats, such as email spoofing, phishing and malware campaigns and remind them about good practices e.g. checking email addresses, not clicking on suspicious attachments etc.
  • Central user and permissions management as far as possible  

Treasury

  • Ensure that processes and controls remain as rigorous as possible given the extraordinary circumstances. Allow extra time for key tasks wherever possible to avoid decisions or actions being taken hastily or under pressure 
  • Build backups into approval processes and provide mobile systems access to critical business users to allow remote approvals 
  • Centralise master data handling whenever possible 
  • Digitise processes as far as possible, avoiding manual workarounds, particularly undocumented ones
  • Ensure systems deliver end-to-end traceability and drill down on individual transactions 
  • Use data analytics wherever possible as an additional layer of protection. Be particularly careful when dealing with new clients and/or suppliers 
  • Sanctions screening, for example, can be another potential line of defence.   

Payments

  • Remain vigilant about the risk of supplier or other identity fraud. Check and double check that you know who you’re communicating with (by recontacting them using known and verified details), particularly when onboarding suppliers or amending suppliers’ settlement instructions 
  • Do not assume that callers are who they say they are (and do not trust caller ID) and never give anyone bank or security codes 
  • Check with a manager if you have any doubt before executing a payment 
  • Participate in community fraud prevention and supplier validation programmes such as SEPA Mail Diamond in France.  

Senior Management

Make sure that employees know that you will never ask them to make urgent payments that do not follow normal procedures. Make clear in your policy that refusing to act on an instruction that is outside normal processes would never be a disciplinary offence.

A Collective Effort

Human vulnerability is the most difficult to resolve, but system and organisation weaknesses are easier to identify and address. 

“We do test phishing campaigns and see how users act upon them, as well as send emails with benign malware to test whether emails pass through firewalls and other defences, and arrive in end user mailboxes. We also conduct network compromise assessments to determine whether networks have been breached, often weeks or months ahead of attacks actually being exploited. Parameter scans identify elements that are accessible from outside the organisation and that may be susceptible to attack.”— Ingvar Van Droogenbroeck, Partner, PwC

In addition, banks such as BNP Paribas provide extensive materials, awareness kits and value-added solutions to help advise and protect clients against fraud and secure their flows.

“The corporation itself is the first line of defence, so companies need to maintain segregation of duties, including four-eye and six-eye verification of key actions, as far as they possibly can during the crisis. The bank is the second line of defence, and we have invested in sophisticated detection tools to identify transaction anomalies using machine learning and artificial intelligence. We also participate in community efforts, such as SEPA Mail Diamond in France to work collectively to verify settlement instructions”— Nicolas Trimbour, Head of Fraud Prevention and Data Intelligence, Cash Management Competence Centre, BNP Paribas

Is There an End in Sight?

It would be wrong to assume that the threats will disappear as some countries start to relax restrictions.

“We see the crisis in three waves:
i) ‘survival mode’ that we are in currently;
ii) the restart period as restrictions start to lift, and
iii) the longer term rebuild phase.
While it might appear that the greatest opportunity to abuse systems and practices is during the first of these periods, the risks of fraud extend into the medium and long term as uncertainty remains and new opportunities for fraud emerge”
— Rudy Hoskens, Partner, Head of Forensic Services, PwC

When people start returning to work, for example, businesses will be buying up masks, cleaning products and hand gel to maintain a safe and hygienic working environment, so fraud is likely to increase at that time as fraudsters take advantage of demand. However, the COVID-19 crisis has shown us how adaptable individuals and organisations can be, and the ingenuity and resourcefulness of so many people. Together, we can channel that same resolve, adaptability and common purpose to protect employees and assets, and reduce both the opportunity and value that fraudsters can derive from the crisis.

“Fraud and cyberattack are on the rise. If something doesn’t look or feel quite right, don’t do it”— Ingvar Van Droogenbroeck, Partner, PwC

“Stay informed about the potential threats, and remain vigilant”— Nicolas Trimbour, Head of Fraud Prevention and Data Intelligence, Cash Management Competence Centre, BNP Paribas

“Use analytics wherever possible as an additional layer of protection. Be particularly careful when dealing with new suppliers.”— Rudy Hoskens, Partner, Head of Forensic Services, PwC

 

2020 is the fifth anniversary year of the Journeys to Treasury partnership, comprising BNP Paribas, European Association of Corporate Treasurers (EACT), SAP and PwC. We are marking this special alliance with a ‘Journeys to Treasury Bitesize’ series, providing topical insights and support for treasurers as they navigate this challenging period. 
