A newsletter of the working group FRAUD
Department Cash & Liquidity, Verband Deutscher Treasuer e.V.
Effects of the Corona Epidemic on Finance Departments
Home office changed operating procedures, absence due to illness, process gaps and a lack of digitalization - the corona epidemic is changing and placing a massive burden on our everyday work these days. It is therefore not surprising that the first fraudsters are already taking advantage of this situation.
Already weeks ago, many companies have instructed their employees to work from home. Teams are divided up in terms of space and time to keep the risk of possible infection or illness and its effects on the company and its employees as low as possible. This makes coordination with colleagues and communication channels more difficult, there are no manual signatures or powers of attorney. It is to be expected that fraudsters will take advantage of these new working conditions. The many types of business email compromise (e.g. fake president) will be joined in this situation by new ones.
In recent days and weeks, companies have expanded or extended their representation and power of attorney regulations to ensure that there are no delays in procedures and processes in the event of increased sick leave and that the company is always able to act.
Fraud in payment transactions - how fraudster exploit the current situation
This is where an extended form of "CEO Fraud" comes in: Fraudsters contact employees of the finance department and pose as employees of commercial banks. Bank details can often be found on company letterheads. By asking specific questions the names of authorized representatives can be obtained. Fraudsters pretend to have to contact the new representatives in order to clarify certain formalities. In the next step, the new authorized representative is contacted. The fraudsters pretend to be employees of the commercial bank who ask the representative to release one or more payments. Since especially new authorized representatives often lack the routine or the knowledge about the internal processes and guidelines, the risk of being cheated by fraudsters increases. Other examples are fake calls from suppliers requesting an advance on an emergency account due to the current situation or scanned letters with publicly accessible signatures of board members.
Fraudsters take advantage of the crisis and the fear of corona and offer medical devices, respirators, disinfectants and tests in online fake shops or via SPAM mails. These products are often offered at very low prices. The State Office of Criminal Investigation of Lower Saxony warns to be more vigilant when shopping online. The fear of Corona is shamelessly exploited by fraudsters. But often it is not enough to google the online merchant or check address data, as the perpetrators abuse data from real companies. Therefore, common sense should be used, and a secure payment method should be chosen.
But the danger does not always come from the outside. Cross-border internal fraud can also play a role in such times. Therefore, it is advisable to have daily team telephone conferences in order to stay up to date internally. Are M&A transactions pending, have employees left the company, are subsidiaries experiencing payment difficulties due to the crisis and need "bridge money"? Anyone who is not up to date in this regard runs the risk of falling victim to a scam. Therefore, the top priority is to comply with rules and processes.
Rules for Home Office
Establish rules for working in the home office with your IT experts, the human resources department and/or IT security and communicate the results company-wide. Again, and again, regulations on cyber security are disregarded or are not fully known. It is therefore essential to train and sensitize your employees on the “correct” way of working from home.
The relevance of stringent processes, responsibilities or representation regulations becomes even more important, especially in times of crisis. You should therefore check your work processes and ensure that payment transactions can always be carried out smoothly without opening gates to fraudsters by granting adequate powers of attorney and regulations for substitutes.
Inform the responsible colleagues from the finance departments, but also from accounting and auditing.
Inform and sensitize yourself and your teams regularly. Coordinate also suitable measures with the management of your company.
Participants of the working group FRAUD
Thomas A. Woelk