Finance and Accounting just can’t catch a break from cyber-thieves! This time the keepers of your company pocketbook – Accounts Payable – are the targets of a new business email compromise (BEC) scam.
That warning comes straight from the FBI in a new alert.
The route in this time? Gift cards.
A whopping 1,164 complaints have been filed thus far about this specific scheme.
To keep your business from being No. 1,165, here’s what you and your team need to be on the lookout for.
‘Tis the season
Let your A/P staffers know: Someone pretending to be a member of your management team will ask your payables staffer to purchase gift cards for business reasons.
And the request could come via email the way these scams usually do – or via phone call or even text.
Naturally, this couldn’t come at a worse time! After all, this is the season when businesses may be buying gift cards as tokens of appreciation or holiday gifts for their employees, customers, etc.
Which makes a convincing scam sound all the more plausible … and increases the odds a member of your team falls for it.
Payroll at risk for a different scam
Of course this isn’t the first time in recent months one of your finance departments had a bullseye painted on them for a BEC scam.
The FBI recently released a bulletin warning Payroll about this scam, which attempts to steal employees’ login info through a phishing email that’s designed to look authentic.
If employees click any links in the message and enter their login credentials, scammers can use that to access their online payroll accounts and change their direct deposit info without the victims knowing.
Instead of going to the right account, their paychecks are sent to one the criminal controls. Often, the fake account is connected to a prepaid card that can’t be easily traced.
Although the scam’s targeting workers at companies of all types and sizes, it’s especially prevalent in the education, healthcare and commercial airway transportation industries.
To keep from getting hit on this front, be sure to verify any requests to change direct deposit info directly with the employee first. You may also want to talk with your payroll system vendor to see if there are any additional safeguards you can put in place when these requests are made, such as two-factor authentication.
Which is why it’s critical to stay on top of all the newest incarnations and to warn your team of exactly what to watch for. CFO Daily News will keep you posted.