Fraud never sleeps, and the corporate finance department cannot afford to stay behind on the ever-changing strategies of fraudsters. This week’s B2B Fraud Tracker looks at the latest cases and allegations of fraud, which show rising sophistication in fraudsters’ tactics: internal bad actors are no longer acting alone, BEC scams are no longer reliant on chance and financial institutions face a growing trend in loan fraud.
Mixing Internal and Internal Fraud
New scrutiny has hit a Pennsylvania public transport authority, SEPTA, with sources telling The Philadelphia Inquirer that allegations of fraud have led to involvement by the Federal Bureau of Investigation. An FBI inquiry into the allegations is centered upon claims of fraudulent spend within SEPTA and misuse of the authority’s procurement cards — a common source of internal fraud for both private and public entities.
However, the case is also a unique instance of fraud stemming from both within an organization and from a third party.
According to reports, there are allegations that a handful of managers within SEPTA cooperated in a fraud scheme with one of SEPTA’s vendors, which is facing claims that it submitted false invoices along with legitimate bills. P-cards were used to settle those fraudulent invoices, the allegations say, and the money went to those managers and the third-party vendor.
The case is ongoing, reports noted, and sources told the publication that SEPTA is waiting for the FBI to finish its investigation before it decides what action to take.
A New Twist On the BEC Scam
Separately, researchers at Agari are warning of Silent Starling, the newest cybercriminal ring using a Vendor Email Compromise (VEC) scam to steal company cash from supply chains.
According to researchers, hackers infiltrate the email accounts of employees within a B2B supplier’s finance departments, including accounts receivable and procurement. After spying on email correspondents, those hackers then use that information to craft strategically-timed emails requesting an invoice payment — a sophisticated iteration of the Business Email Compromise (BEC) scam that is “particularly hard to spot,” Agari warned.
“Our visibility into Silent Starling’s operations has given us a direct and in-depth look at how the entire VEC attack chain unfolds,” said Agari Cyber Intelligence Division Head and Senior Director of Threat Research Crane Hassold in a statement. “VEC is the next evolution of business email compromise. These attacks will continue to increase in frequency over the next 12 to 18 months because the financial return for scammers is very significant.”
Pointing to FinCEN data, Agari warned that the average price tag of falling victim to a VEC scam is more than $125,000 — significantly more than the classic BEC scam that costs an average of $50,000.
Smaller Lenders Fall Victim
Financial institutions are no stranger to loan fraud, but a new report from LexisNexis warns fraudsters are increasingly moving from consumer loans to small business loans — and smaller institutions are paying the price.
In its 2019 Small and Mid-Sized Business Lending Fraud Study, LexisNexis Risk Solutions finds that the threat of small business loan fraud is on the rise, with fraudsters stealing or falsifying identities to obtain a small business loan, or applicants taking out a small business loan without intent to pay.
Researchers found that smaller banks and credit unions are disproportionately impacted by this trend, too: while large banks lose an estimated 2.9 percent of overall revenue to lending fraud, that figure jumps as high as 5.8 percent for small banks.
And as small business lending continues to move online, LexisNexis warned that financial institutions will continue to see this threat rise: cyberattacks that target new small business customer account creation have increased by 35 percent in the last six months, the report said.