Does your government use electronic disbursements? SAO offers tips and resources for evaluating your cyber fraud risks

The disruptions caused by the COVID-19 pandemic resulted in increased dependence on technology and electronic payment networks. This shift has created new opportunities for bad actors to steal public resources and assets from your government. By using various cyber fraud schemes, such as fake email addresses or compromised email accounts, bad actors are successfully tricking governments into rerouting electronic disbursements to their own accounts. And the fraudsters are raking in a hefty profit. Between 2019 to October 2022, Washington's governments have reported more than $21.8 million in estimated losses cyber losses to our Office.

Unfortunately, we hear frequently of organizations in both the public and private sector falling victim to these cyber frauds. Between 2019 to October 2022, our Office has received 175 reports of cyber frauds from governments in Washington state. Considering governments are increasingly using electronic disbursements, including Automated Clearing House (ACH) payments and electronic funds transfers (EFTs), it is important to understand what factors might be increasing your risk of experiencing a cyber fraud. Based on our own investigations of cyber-related fraud, here are some key risks to be aware of:

• Personnel changes – Whether employees are retiring or seeking new opportunities, staff changes have been happening everywhere, especially in government. With staff turnover comes the risk that newer employees may not be aware of the processes and controls your government has in place to combat these frauds. Remember to educate and train your staff on your expected policies and procedures, and to be vigilant on these cyber schemes.
• Remote working environments – While technology makes it easier for remote employees to perform their duties and stay connected, remote work environment also bring several cybersecurity challenges. It's important to stay on top of these potential vulnerabilities to prevent cyber frauds, such as phishing or malicious software being installed for deceitful purposes. Our Office has some tips and tricks available on how to protect your data in this October 2022 blog post.
• Operational adjustments – Your government's operations may have shifted since the onset of the COVID-19 pandemic, and now you may be using electronic payments more frequently than physical checks or warrants. This is ripe for bad actors to take advantage of, as they hope that you will fall for their scheme and wire these payments directly into their bank accounts. Check out some best practice tips regarding these ACH payments and wire transfers.
• The “everything is okay” trap – Your government's staff and management may have a mindset that you won't experience a cyber fraud, especially if you have strong policies established, clean audits, haven't experienced a fraud yet. This potentially false sense of security may heighten the risk of your employees and managers letting their fraud-prevention guard down, and that's one trap you don't want to fall into. It's always a good practice to revisit your policies and procedures, and we recommend bookmarking our Segregation of Duties Guide to help you evaluate your current environment.

At the end of the day, no government is immune from these risks, and fraud can absolutely happen to you. But just because fraud can happen, doesn't mean you have to let it. You can prevent electronic disbursement frauds if you take proactive action now by establishing strong controls and monitoring.

More resources

Our Office has other excellent resources available on internal controls and best practices to consider implementing, to prevent cyber frauds from happening to you. Check out our #BeCyberSmart page, Resource Library, and new Preventing Fraud page.