While implementing internal controls to protect organisations from fraud and cybercrime takes time, it is imperative that strict controls are in place to mitigate opportunistic as well as organised fraudulent activities, says Ryan Mer, CEO of eftsure Africa, a Know Your Payee™ (KYP) platform provider.
In recent years, cybercrime has transformed from a solitary activity to an increasingly organised, network-driven operation. Cybercriminals have adapted their recruitment tactics, leveraging the internet to target professionals with specialised skills in finance, accounting, law, and IT. They offer attractive employment terms, bonuses, and promotions, making their job adverts appear legitimate. Because cybercrime is financially motivated, accounts payable and finance teams tend to be on the frontlines.
As cyber threats continue to evolve and grow, finance leaders should understand how cybercriminals might go about recruiting employees in specific roles and take steps to protect their organisations. Some of the most common types of roles that cybercriminals look for include account or money mules, who are responsible for transferring funds and laundering money, and account managers, who handle the finances and operations of the cybercrime organisation.
Cybercriminals use various recruitment methods, including dark web advertisements, social media, personal connections, hacking contests, online forums, chat rooms, and even legitimate job boards. By understanding these tactics, businesses can better prepare themselves against potential recruitment attempts, cyber-attacks and attempts at payment fraud.
To counteract cybercriminal recruitment efforts, businesses should consider the following strategies:
- Increase awareness: Educate employees about the risks associated with working for cybercriminals and encourage reporting of any suspicious recruitment attempts. Cybercriminals rely on grooming targets who they believe are able to assist them, either wittingly or unwittingly, in achieving their aims. One obvious but often overlooked method of doing so is through online romantic relationships. Cybercriminals trawl sites like LinkedIn for individuals in finance departments and accounts payable and begin the process of making a personal connection. Once the target is emotionally invested in what they believe is an authentic relationship, they are more likely to comply with strange requests to transfer funds from one account to another or to open an attachment, sent to their company email address, that contains malware.
- Strengthen security measures: Implement robust cybersecurity protocols to deter attacks and minimise data exposure to cybercriminals. Creating a fraud prevention ecosystem is the most effective way to mitigate risk and stop payment scams in their tracks. Even the best ERP systems cannot protect you from a malicious actor, while a platform like eftsure can help limit the risks of internal fraud and attacks like Business Email Compromise (BEC) by quickly and easily cross-referencing the payments an organisation makes with verified bank account details before every payment is released.
- Foster an open and positive work culture: Create an environment that values open communication from employees as well as opportunities for growth and development.
By prioritising cybersecurity and investing in talent retention and acquisition, finance leaders can mitigate some of the risks inherent in an ever-evolving cybercrime landscape that includes social engineering, malicious software, phishing, ransomware, and BEC. As cybercriminals become more sophisticated in their recruitment tactics, businesses must remain vigilant and proactive in protecting themselves from potential payment fraud and other cyber-attacks.