Webinar recap: Billions at risk - Sleeping security threats lurking in your supply chain

It was a great pleasure to host Gavin Levinsohn, Chief Growth Officer at Eftsure, as he presented to our audience an insightful and informative session about the growing rate of cybercrime and risks exposed to your organisation and supply chain. 

Gavin’s presentation was brought to life with real case studies and examples, highlighting the fact the threat of cybercrime is a real and a good strategy is essential to keep your employees knowledgeable and your organisation safe. As Gavin explains in his webinar, a good cybercrime strategy is broader than Felix and Eftsure but the tools we offer are key components in that journey. 

Below is a summary of what was covered.

For B2B payments, banks don’t match BSB and Account Number to Account Name 

While Pay ID and CommBank’s NameCheck have been steps in the right direction to further protect individuals from fraud, there are still substantial limitations around what banks are doing to help combat fraud for businesses. 

A key vulnerability for fraud in businesses is in an organisation’s vendor management, and the validity of vendor details. Fraudsters target an organisation’s processes and internal controls – and by the time you’re checking a payment, it’s late in the piece. 

As banks don’t check payment details against an account name for BSB, this presented a business opportunity for Eftsure and an integration opportunity with Felix.  

Listen in to this section from the five minute mark. 

Cybercrime is a (highly) organised crime 

Cybercrime is a commercial crime and not the ideology of a hacker that Hollywood promotes – they operate as commercial companies with shareholders and KPIs, and they recruit talent. 

At the 11.30 minute mark in the webinar, Gavin goes into great detail about the commercial nature of cybercriminal organisations, how they recruit on the dark web and what countries they tend to operate from.  

When it comes to scams and fraud, the objective is to get money – and the target isn’t your organisations systems, it’s your staff through vendor impersonation and email compromise or even executive impersonation. Gavin speaks to two real-life case studies: 

1. At 19.20 minutes – Gavin provides an example of how a vendor’s email was compromised by fraudsters, asking for bank details to be changed for an upcoming payment. Fortunately, this organisation was already a customer of Eftsure and were able to identify and prevent the scam from happening. This example also speaks to the heart of the Felix and Eftsure partnership as a solution to secure your vendor management so that it’s not vulnerable. 

1. At 25 minutes – Gavin provides another example of an organisation’s executive having their email compromised to impersonate them. Luckily, recipients were knowledgeable of signs that indicate a phishing attack and this was brought to their attention, however this example highlights how it isn’t always about money loss - there’s also legal costs, system downtime and reputational risk when subject to scams or fraud. 

Data breaches and your information on the dark web 

Optus and Medibank were two high-profile data breaches in 2022, and more recently in the news has been Ticketmaster and Ticketek. The size of these breaches are substantial, and criminals dump stolen data on the dark web for fraudsters to buy. 

What can fraudsters do with your personal information? Get some alarming insights from Gavin at the 29 minute mark as to just how easy it is for criminals to create a digital footprint from stolen data and build out a sophisticated scam. 

AI is amplifying and accelerating cybercriminal efforts 

AI is being used to improve the language used in written emails from scammers, to impersonate someone’s voice in a matter of moments and to impersonate likeness through video. At 32 minutes, Gavin provides an example of a deepfake video scam that cost a company $25 million dollars when an employee was led to believe that they were in a video meeting with colleagues, yet they were the only human on the call. And if this isn’t alarming enough, Gavin also explains how companies are selling software and tools to support the business of cybercrime. 

Limitations of manual controls 

At 35 minutes, Gavin briefly explains how all the above scenarios stack up and become a real challenge the manual controls your organisation might have in place, and the need for a suite of controls.  

Having a good cybercrime strategy 

At 35.5 minutes, it’s explained how a good cybercrime strategy has multiple angles to consider: 

• Training: Staff need to know how to stop scams if you don’t know what to look out for. 

• Culture: Having a high-shame threshold encourages staff to speak up when suspicion arises.  

• Internal controls: And the need for organisations to manage staff exits (and get back access controls) really well. 

• Pressure testing: While these tests usually focus on cybersecurity systems, they also need to test financial controls.  

• Technology: Strong vendor management and payment protection needs to be considered in a suite of technology controls.  

Protecting your organisation and its supply chain from payment fraud 

As touched on at various points throughout the webinar, Felix and Eftsure have partnered to take the pain away from vendor account validation process and to provide Felix customers with confidence in knowing that the bank details supplied by vendors are legitimate.  

Kristy Dale, Felix’s Product Marketing Manager, joins Gavin at the 38 minute mark to talk more about a newly released integration to help identify error, fraud and scam attempts during vendor onboarding. 

Further to what’s presented in the webinar, you can learn more about the Felix-Eftsure integration on our website and watch a demo video to see it in action. 

----- 

Learn more about how you can proactively protect your business 

• Watch the webinar in full 

• Or reach out to our team to learn how you can integrate Felix and Eftsure