As the term “social distancing” has burst into our daily vocabulary, we are in a new territory of conducting daily business through remote working situations. While this taught us new lessons in creative adaptation, it has also created fresh opportunities for corporate fraud. Protecting yourself, your company, and your employees from these new fraud threats during the COVID-19 outbreak is essential.
Business Email Compromise Attacks
On March 3, 2020, the FBI issued a Private Industry Notification warning companies that fraudsters were abusing the Microsoft Office 365 and Google G Suite platforms as part of widespread Business Email Compromise (BEC) attacks. The rapid and extensive shift to a remote-based workforce has created a prime opportunity for BEC and other social engineering attacks. In these types of schemes, fraudsters pose as someone from within the victim’s company and request sensitive business or personal information.
For example, a fake HR Director may contact an employee instructing them to forward employee W-2s. While the request may be unusual, today’s circumstances are far from ordinary. It is entirely plausible that your company’s HR Director, who does not have access to information located in your now closed, requests the information directly. Because they hide behind a mask of legitimacy, these fraudulent requests have high rates of success.
To combat BEC and Social Engineering attacks:
Unfortunately, fraud doesn’t exclusively emerge from the outside of an organization. When management and other key departments are busy navigating a pandemic, things like internal controls and anti-fraud efforts often take a back seat. While understandable, these refocused priorities make the organization increasingly vulnerable to attacks from within. When the perception of possible detection decreases within an organization, some employees may be tempted to take advantage when the normal watchdogs are visibly distracted and/or very likely overwhelmed. Remember the fraud triangle: pressure, opportunity and rationalization all tend to increase dramatically in times of uncertainty and unrest.
To combat attacks from within:
COVID-19 and our efforts to fight infection through remote-working arrangements will be a reality for the foreseeable future. With fraudsters working overtime to develop new ways to take advantage of this crisis, we must remain informed and vigilant in our anti-fraud efforts.
While we may not always control what is happening around us, we can—and in fact we must—manage our reactions to it. As always, the team at GLEASON is here to help you manage the fraud risks that your organization may face today and every day. We will get through this together.
For more information about GLEASON’s forensic accounting and fraud mitigation/detection experience and expertise, please visit read more here.