When the AICPA released this month’s Journal of Accountancy, they led with the line “The October Journal of Accountancy is cyber scary!” and they weren’t wrong. The featured article, AI-powered hacking in accounting: ‘No one is safe’, highlights how hackers are using advanced tools like artificial intelligence to create more convincing and sophisticated attacks, making the scams increasingly difficult to spot.

We wanted to share with you one type of scam that seems to be on the rise. A fraudster sends out sophisticated phishing emails and tricks a company user into opening a malicious link. The fraudster then has access to the company email system and sifts through emails to find information about an ongoing transaction. Maybe your company just hosted a large event, is remodeling your facility, or engaged with a consulting firm. The fraudsters become aware of these transactions and have access to the associated invoices that are being circulated via email. In multiple cases that we’ve seen, the fraudster edits the actual invoice or generates a new invoice, altering the payment details to require ACH payments be directed to the fraudster’s account. Everything about the invoice looks legitimate and it appears to be sent from the vendor, so often times the invoice gets paid. Once funds are sent, recovering them can be extremely difficult if not impossible. Remember, this whole nightmare started with a successful phishing email to your company, your client, or your vendor.

To help safeguard your business:

  • Verify payment requests through a trusted phone call to a known contact, especially with a new vendor or when bank details or payment instructions for an existing vendor change.
  • Be cautious of unexpected emails that create urgency or pressure you to act quickly.
  • Check email addresses carefully for subtle misspellings or inconsistencies.
  • Use multifactor authentication on all financial and email accounts.
  • Obtain cyber insurance coverage in advance of a security incident to protect your company if/when a breach does occur.
  • Educate your team so everyone knows how to recognize and report suspicious messages.

Cybersecurity threats evolve quickly, but awareness and caution remain your best defense. Should you wish to consult with someone about cybersecurity training and other ways to help protect your information, please talk to your Kemper CPA contact or  your Kemper Technology Consulting contact to see how our technology team can help.