Many businesses around the globe are struggling to find enough skilled workers to fill their needs. Yet there’s one sector that never seems to have a shortage of increasingly talented labor: cybercrime. Plenty of organizations “on the dark side” are attracting more, and more sophisticated, talent. 

Statistics from research published by online payment processors, professional fraud mitigation entities and ecommerce platforms show a compelling trend: fraud risk has grown exponentially since the COVID-19 pandemic began, a trend that will continue at an unprecedented pace in 2022.  

None of this is surprising to those of us on the front lines of the fight against fraud or anyone in the accounting profession. We see it or hear about it every day: bad actors masterminding fraud schemes that put our firms and our clients at risk. 

The reality is that the sheer volume and complexity of these emerging risks have made the stakes extremely high. We’re not talking about a few phishing emails or the possibility of a hack now and then. We must be prepared for a whole new ballgame in 2022.

The 2021 IRS Criminal Investigation annual report shows the agency completed more than 2,500 criminal investigations, including more than $10 billion from tax fraud and financial crimes. These top-tier fraud fighters convicted almost 90 percent of the perpetrators in these cases. They are serious about reducing fraudulent activity, and we need to be, too. 

While the world was on lockdown, cybercriminals upped their game

A key factor in the surge in high-level fraud is the pandemic, which instigated a massive and quick shift among the general population to online financial activity on an unprecedented scale. This opened the floodgates for cybercrime around the globe and across every sector of the economy including retail, professional services, health care and more. 

The economy depends on businesses being able to deliver products and services to clients when and how they choose, and now, more than ever, it’s online. While conducting business online offers many benefits such as convenience, efficiencies and cost-savings, we must also consider its dark underbelly: the inherent fraud risks and cybersecurity concerns, technological deficiencies, systematic vulnerabilities and, of course, the human factor (both error and greed).

As accounting professionals, we need to be aware of these threats and be prepared to put mitigation strategies in place when managing remote teams to combat the lack of internal controls and processes as well as the systemic vulnerabilities that allow employees and third-parties to participate in fraudulent activities. 

From tax season scams to accounts payable perpetrators, here’s how to fight the top emerging fraud risks in 2022

As a certified fraud examiner, I am always on high alert for red flags that can point to fraud, and the pandemic has put the following fraud risks on my radar. I share them with you so you can take action to mitigate their impact on you and your clients.

Tax scams. Be sure to keep on top of the latest tax scams to educate your team as well as your clients so they can take steps to protect themselves. The IRS sends frequent updates on these scams, and while ignoring them is easy, during tax season, consider checking them as a business continuity strategy. If your firm goes down or you have a big client affected by tax fraud, the impact can be devastating. Visit the IRS’s website to learn more about common tax scams and tips to help taxpayers avoid them.

Brute-force attacks. In these attacks, criminals use computer algorithms to try to access the credential information that will give them access to an account. Once they have the login information for an account, it is used to perpetrate an account takeover attack, or ATO (see below). This is why using unique passwords and changing them often is so important.

ATOs. You should familiarize yourself with some of the new types of fraud schemes, such as ATOs. This is a type of online identity theft in which a criminal gets unauthorized access to an account through which they can access money, products, services or other valuable data. This is essentially a database hack, similar to what some of the big retailers or banks have fallen prey to. However, your portal system or any platform requiring an account and login information is fair game when it comes to an ATO.

Phishing. This fraudulent practice has been around for decades, but it’s still a serious problem. Literally millions of individuals every year fall prey to this classic cybercriminal trick that involves sending emails purporting to be from valid financial and ecommerce organizations, or using fake websites to get a victim to click on a link, thereby providing sensitive information to the criminal or spreading a virus. 

Phishing attacks can happen in your firm, at your clients’ companies and at home. The potential risk for remote workers without proper security training and protocols is high. You need to make sure your staff are trained to avoid these types of scams and encourage your clients to be aware as well.

Advanced accounts payable fraud. With so many payment platforms available, accounts payable fraud can be difficult to mitigate. A client using an online platform presents cybersecurity concerns; however, if you make sure that the two-factor authentication and proper access controls are in place, it’s a million times less risky than using a manual system, which is a whole other can of worms!

Internal fraud. Given the considerable mental and financial stress that the pandemic has caused for a lot of people, you cannot overlook the risk that employees or others may engage in criminal behavior including payables and other types of fraud. If you or your clients have gaps in your systems, now is the time to put the proper financial controls in place to close them. 

Recent statistics from the National Association of Certified Fraud Examiners indicate that the most common methods used to conceal employee theft are creating fradulent physical documents, altering physical documents, altering electronic documents or files and creating fraudulent electronic documents or files.

To avoid the alteration of accounts payable documents or the creation of these documents for fraudulent use, you must have a consistent process in place with appropriate review and approvals supported by technology that will help you address cybersecurity vulnerabilities. However, all of this needs to be implemented with a strong vendor management strategy to avoid both internal risks, such as an employee sending fake vendor payments to their home, and external risks like criminals spoofing vendors to try to access payment accounts via a phishing scam. 

Fraud fighters must unite in 2022

The risks above are just the tip of the proverbial fraud iceberg coming our way. As accounting professionals, we must prepare ourselves to be on the front lines in the fight against fraud for the safety and survival of not only our own firms but our clients’ personal and professional interests. So take note and keep your fraud-fighting checklist close at hand so you can reduce the risks for your firm and your clients as these and other cybercrimes continue to emerge in the coming year.