New Scam Alert: Don't Fall For Phishing Scam for Amazon Overdue Bills

The scam email claims to be from Amazon Web Services and uses a realistic logo and font to inform users their "services have been suspended." The overdue amount is a middling $4.95, and clicking the link to take care of it transports you to a landing page with space to enter your Amazon account information. Once entered, you're kicked to the real Amazon.com.

By then, hackers already have your Amazon username and password.

Komando has the full story here.

6 Phishing Attacks and How to Combat Them

  1. Deceptive Phishing

  2. Spear Phishing

  3. CEO Fraud

  4. Vishing

  5. Smishing

  6. Pharming

Have you heard of all of them? Do you and your staff know how to combat them? Tripwire has the full story here.

If you work in Accounts Payable, check out my Authentication Guide to authenticate vendors when they call on the phone or send an email.

New Scam Alert: New Silent Starling Gang Targets 500+ Vendors in BEC Scam Twist

The twist is something called vendor email compromise (VEC). Rather than targeting executives at your company as in a traditional business email compromise (BEC), the cybercriminals hijack an employee's account at your vendor and monitor it to learn the pattern of invoices and payments. Once they know the pattern, they send a fake invoice, request a change of bank details and get away with a fraudulent payment.

How do you combat it? Add authentication techniques, internal controls, and best practices to reduce the potential for fraudulent payments. http://bit.ly/2AKLNAF http://bit.ly/2wN2Lvv

Bleeping Computer has the story here.

New Scam Alert: Fake Voicemail Notifications in Email as Bait

Scammers try to access Microsoft services using a fake voice message. Make your employees aware not to click the link, which requests a sign-in on a phishing site to steal their Microsoft credentials.

Kaspersky Daily has the story here.

October 2019 National Cybersecurity Awareness Month

Debra R Richardson, LLC is a National Cybersecurity Awareness Month 2019 Champion. We're committed to #BeCyberSmart – are you? #CyberAware staysafeonline.org/ncsam/champions/

Follow #StayCyberHappy during October for my Daily Tip to Protect You, Your Vendors & Your Company!

New Scam Alert: Phishing Abuse of HTTPS and 65% of BEC Scams Target Gift Cards

Security Boulevard reported that APWG released findings that in Q2 of 2019 more than half of phishing sites have HTTPS, which makes the site appear legitimate.

The findings also revealed that over 65% of BEC attacks are focused on obtaining gift cards. How do you combat this? Train your staff to spot these threat actors through the requirement to send the gift card numbers. Also, add a policy that leadership will not ask employees for gift card numbers, only to turn over the actual cards or send them by mail.

Security Boulevard has the story here.

New Scam Alert: Watch Out for Links to Sign Into Your Office 365 Account

Think you are getting a Non-Disclosure Agreement? Not. Cybercriminals are posing as Vendor Capitalists and Private Equity firms. The emails have no grammatical errors and the goal is to steal your Office 365 credentials.

Security Boulevard has the story here:

New Scam Alert: Change Your Calendar Settings to Avoid Fraud

Cybercriminals are taking advantage of calendar settings that automatically add invitations. Fraudulent links or downloads are included in the invite, and users are more likely to open them because their guard may be down in the calendar, assuming they forgot that they accepted the invite.

Change your (Google, Outlook, etc.) calendar settings to not automatically accept invitations.

The Better Business Bureau has the story.

IOFM: Annual APP2P 2019 Fall Conference and Expo | October 15-17

The Institute of Finance and Management has an annual Spring and Fall Accounts Payable and P2P Conference. This year's Fall 2019 conference is changing from the previous years' Las Vegas, NV venue to the Westin Kierland Resort in Scottsdale/Phoenix, AZ from October 15-17, 2019.

The conferences offer plenty of networking and training with workshops, breakout sessions, and the ability to walk away with a certification or two!

Learn more here: https://events.iofm.com/conference-fall/

AP Appreciation Week & AP Fraud Week - AP Now: October 7 - 11, 2019

Debra R Richardson LLC is a proud supporter of AP Appreciation Week (October 7-11, 2019) which will also be AP Fraud Prevention Week. Everything we do this week will be focused on helping you protect your organization against fraud. There is absolutely no charge to participate.

This year, the focus is fraud prevention. Every professional concerned about protecting their organization against fraud is invited to participate. 

How to Participate: You can register to participate simply by sending an email to publisher@ap-now.com with the words "AP Week" in the subject line. 

Again, there is absolutely no charge for any of this. 

As in the past we'll have a free give-away each day as follows: 

• Monday - join us for Payables Anatomy where we'll provide you with a Fraud Prevention checklist 

• Tuesday - join us for Payables Investigators where we'll share an article loaded with tips on how you can prevent fraud. 

• Wednesday - play Payables Fire with us as we share a quiz you can use to test your Fraud Prevention knowledge 

• Thursday - join us live for This is Payables where everyone is welcome to attend our new webinar, How to Recognize New Frauds in Accounts Payable. If you can't make the live presentation, we'll share a link that will be good until the end of the month. 

• Friday - Play Game of Payables with us as we share a puzzle with a Fraud Prevention Twist 

Each morning, except Thursday, you will receive an email with the item shown above. 

How to Participate: You can register to participate simply by sending an email to publisher@ap-now.com with the words "AP Fraud Week" in the subject line. 

Again, there is absolutely no charge for any of this. All participants will also receive AP Now's twice-a-week news alert. 




North Carolina county falls for BEC scam, to the tune of $1,728,083

The North Carolina county of Cabarrus, in the US, says that it’s managed to claw back only some of the $2,504,601 it paid to a scammer posing as a contractor working on building a new high school.

The crooks used social engineering – specifically, what’s known as a Business Email Compromise (BEC) scam – to pose as Branch and Associates, which is a general contractor that’s working on building a new school for the Cabarrus County Schools District.

The scam came to light after Branch and Associates sent a courtesy notice about a missed payment on 8 January. County staff confirmed that the electronic funds transfer (EFT) had, in fact, cleared the month before.

County officials next notified the bank to which the $2.5m was transferred, Bank of America. The bank managed to freeze $776,518.40 of the $2,504,601 that remained in traceable accounts.

Continue reading on Naked Security.


Authentication. Validation. Management. TM.jpg

Use authentication techniques, internal controls and best practices in Vendor Setup & Maintenance to protect your vendor master file from fraud.

Cabarrus County hires consultant to help train, protect future assets after scammed out of millions

CONCORD – Social engineering and phishing scams are becoming more prevalent among companies and organizations.

The Cabarrus County Government disclosed Monday night that they are still missing more than $1.7 million after a social engineering scam diverted a $2.5 million vendor payment made by the county.

To protect their future assets, the county hired Oklahoma-based accounts payable consultant Debra Richardson to train staff and redesign its vendor processes and review vendor files.

She consults, trains, provides tips and gives directions to accounts payable teams on how to avoid sending out a fraudulent payment.

Read the rest of the Chicago Tribune article here


How I Helped Cabarrus County After Their Social Engineering Scam. I Can Help You Too...

Great mention of my services: "Cabarrus County government targeted in social engineering scam" - Business Today http://bit.ly/2YvzSPC


BEC Scammers Turn to Aging Reports in New Twist

Don’t be tricked into giving up your AP Aging Report. These reports are gold to scammers. Read the post from Info Security here.

Add authentication techniques, internal controls and best practices to reduce the potential for fraudulent payments.

 
 

Guest Appearance: Protecting your accounts payable function from cyberattack

 
Kip Boyle, CEO of Cyber Risk Opportunities, and Jake Bernstein, JD and CyberSecurity Practice Lead at Newman DuWors LLP, talk with guest Debra Richardson about how finance professionals should protect their company from common financial cyber fraud.

AP Recognition Week - IFO: October 7 - 11, 2019

Celebrated the second week of October, AP Recognition Week is organized annually by The Institute of Financial Operations to honor the men and women in Accounts Payable and their dedication, drive, and accomplishments as financial operations professionals.

What are you doing with your team?

Need Gifts? Putting the AP in hAPpy gifts here.

Find more information on the IFO Website here.

In the UK: AP Association Conference & EXPO - October 15, 2019

Every year, the Accounts Payable Association organises a Conference and Expo aimed at educating, training and enhancing the professional development of its participants.

This year’s main theme and focus for this conference is Leadership & a Career in AP and it will take place on 15 October 2019.

Want more information? Email - info@ap-association.co.uk or learn more on the conference page: https://www.ap-association.com/annual-apa-conference-and-expo/