Social Engineering Frauds- 2021 Stats

Posted by Angela Sarno on Jun 1, 2022 9:45:00 AM

The 2021 numbers are in... and fraudsters are still gonna fraud.

Screen Shot 2022-05-27 at 1.31.37 PMBoth the Association of Financial Professionals 2022 Payments Fraud and Controls Survey and the FBI's Internet Crime Report for 2021 recently published, and while there were no big surprises, there were a couple of points that are worth pondering.

First, the good news!  Attempts and actual frauds appear to be down year over year (71% in 2021 vs. 74% in 2020). There are no conclusive data points to explain why, but there is a notion that education is paying off for those who are usually targeted.  Our counterpoint to this? Fraud tactics evolve all of the timeSo be sure your employee education also evolves at this rate: all of the time.

Second, the bad news!  A good chunk of you (17%!) are not doing any payment beneficiary, aka, supplier banking verification.  And those of you who are? You are not necessarily checking every one of your suppliers banking data in your verification process.  Or, more likely, you believe your process is being followed 100% of the time, but have not actually audited it to be certain.

In February we had a live event with Christopher Arehart, SVP  Product Manager a at Chubb where we were reflecting on the 2021 AFP survey, where 65% of respondents said they had a process in place to verify banking.  From his seat as the product manager for crime, where he sees the aftermath of successful payments fraud scams daily, he offered this:

I would call out these statistics as aspirational, at best. I don't see 65% of submissions (for insurance policies) actually making phone calls. They may have a policy that says you're supposed to be doing it, but when push comes to shove, it's not really happening.”
 
We see this quite a lot in the folks we talk to, and we read a lot about it in the press as well.  As in these two recent examples:

Bernallio County, New Mexico sent nine payments to a fraudster. How?  Their process wasn’t followed, and no one was auditing it. It’s worth noting that in this case, even if the process had been followed, it does not appear to involve verifying the bank account ownership.

St. Peterborough, NH paid a $2.3M price for a “simple human failure to follow established procedures [which] allowed the scam to succeed…” This one was three payments initiated by three different fraud scams in four weeks. In each of these instances, the process was not followed.
 
All of this to say that while it is great the attempts are down, if we expect the successful frauds to also stay down, organizations need to be more vigilant in continuously testing and improving their controls. Even the most thoughtfully built vendor onboarding and verification process only works if your humans actually follow it.

 
We will be at the TMANY New York Cash Exchange in June, with Mr. Arehart from Chubb, talking about what you should be asking your risk team and your insurance company about your process, what is protected, and how these types of scams succeed despite your best efforts.
 
Screen Shot 2022-04-21 at 2.26.20 PM

 Payments Fraud and Your Vendor Master: The Risk Inherent in Your Verification Process

June 7, 11 AM

Sign Up Here

 

Topics: payments fraud, AP, insurance, risk, social engineering fraud

PaymentWorks-Logo-Black_600tall

The Business Identity Platform that automates complex payee management processes to:

  • Eliminate the risk of business payments fraud  
  • Reduce cost
  • Ensure compliance

Sign up to be alerted when we publish interesting things

Recent Posts