Cyber Brief for CFOs: September 2025

Our team continuously monitors the headlines for the latest accounts payable (AP) and security news. We bring you all the essential stories in our cyber brief so your team can stay secure.

Report: cyber risk programs omit finance teams

A study commissioned by cybersecurity firm Qualys found most companies still treat cybersecurity as an IT issue, giving less weight to finance and other business priorities. Just 22% of organizations involve finance teams in risk discussions, while fewer than one-third align security programs with business objectives.

Qualys VP Mayuresh Ektare warned that programs detached from operational, financial, and regulatory stakes are ineffective. Experts stress that CFOs must partner with CISOs to quantify risks, guide investment, and communicate cybersecurity risks in financial terms. Not only do we think CFOs should be included in security discussions, we think CFOs are best placed to drive an overall anti-cybercrime strategy and to distinguish that strategy from the cybersecurity measures that support it. See our full strategic guide.

Digital natives more likely to be deceived by AI deepfakes

New research indicates that the people who are most confident in spotting AI scams — particularly Gen Z — actually tend to be the most vulnerable, with 30% successfully phished compared to 12% of baby boomers.

Despite a 62% overall rise in reported scam victims, fear of AI fraud has fallen by 18% year-on-year. Scammers now use AI to craft personalized messages, clone voices, and mimic brands or trusted contacts with alarming accuracy.

Report: generative AI fuelling million-dollar fraud losses

A recent report claims that one in four enterprises lost over $1 million in a single fraud attack last year, as generative AI accelerates large-scale sophisticated scams.

The report warns that generative AI has turned fraud into coordinated, cross-system business attacks that exploit gaps between teams and tools — and we know from the Qualys study that there are serious gaps between IT and finance. The findings support that insight, suggesting that finance–security misalignment worsens fraud risk and that only 27% of organizations share fraud prevention ownership.

Deepfake scams surge with executive impersonation attacks

The alarm bell has been ringing for years, but evidence continues to mount: AI-generated deepfakes are taking social engineering scams to another level. Deepfake-related cyberattacks in the US exceeded 105,000 last year — roughly one every five minutes — marking a sharp rise from 2023, according to Adaptive Security CEO Brian Long.

Once rare, these scams are becoming more prevalent. Criminals target employees with privileged access, posing as CEOs or senior officials in convincing video calls to pressure them into wiring funds or sharing sensitive data. High-profile examples of such fraud tactics have made headlines since at least last year, and finance leaders and security specialists now confirm that the attacks are growing in frequency.

Baltimore hit by $803K vendor payment fraud loss

The City of Baltimore lost more than $803,000 after a fraudster redirected electronic fund transfers by altering a vendor’s banking details in the city’s procurement platform, according to an Inspector General report.

While a separate $721,000 payment was stolen and recovered, the larger loss remains unretrieved. Investigators cited weak supplier verification controls in the city’s accounts payable unit. Recommendations included stricter user authorizations, staff training, and immediate fraud reporting. The Comptroller’s Office has since implemented reforms to strengthen verification and oversight, amid rising AP fraud risks that affected 96% of companies in 2024.

RFQ scammers steal goods via spoofed emails

Proofpoint researchers warn that cybercriminals are exploiting the Request for Quote (RFQ) process to steal physical goods by spoofing companies with stolen files.

Fraudsters have been sending convincing RFQ emails seeking equipment like networking gear, CCTV systems, or medical hardware. Then, they request Net 15–45 payment terms. Once goods are shipped to US homes or rented warehouses, forwarding services send them to West Africa, leaving victims unpaid. Some intermediaries may be unaware or coerced participants. Proofpoint has tracked RFQ scam groups, blocking related emails and dismantling 19 domains tied to the scheme.

Author: Shanna Hall

Published: 3 Sep 2025
