Each month, the team at Eftsure monitors the headlines for the latest accounts payable (AP) and security news. We bring you all the essential stories in our cyber brief so your team can stay secure.
Silent Ransom Group targets US firms with invoice-lure vishing
Google's Mandiant and an FBI Flash alert have detailed a financially motivated extortion campaign by the group tracked as Silent Ransom Group (also known as Luna Moth), hitting US legal and financial services firms.
The attackers open with benign, invoice-themed emails, then call posing as IT support to talk staff into granting remote access, sometimes moving from first contact to data theft and a ransom demand in under an hour. Researchers say the group has even incorporated an in-person element to the attacks, sending operatives to offices with USB drives.
Digital forensics leader warns deepfakes are becoming impossible to spot
A leading digital forensics expert has warned that AI-generated video and audio have become so convincing that even specialists can no longer reliably identify them.
Hany Farid, a UC Berkeley professor whose work helps governments, courts and news organizations verify digital content, told The New York Times that he is increasingly unable to distinguish real media from deepfakes. For finance teams, that erodes a long-trusted control: if a face or voice on a call no longer confirms identity, verification has to rest on independently held details.
Our breakdown of why finance teams need to rethink verification explores what that means for leaders, their people, and their controls.
Inside the Chinese real-time deepfake software powering scams
In a 404 Media investigation, journalist Joseph Cox tested Chinese software sold openly to scammers and watched his own face mapped onto another person's body, live, on a Microsoft Teams call.
The fake held up through the gestures that once exposed deepfakes: a pinched cheek, a hand over the nose. It ran across Zoom and WhatsApp on consumer hardware, not specialist kit. It's another sign teams need to rethink verification: a study from security firm Outtake found impersonation attacks hit 53% of organizations this year, yet three-quarters only monitor lightly or react after the fact.
Fake-invoice phishing kit caught while still being built
Malwarebytes researchers uncovered a fake invoice campaign while it was still being assembled, finding near-identical templates impersonating Amazon and PayPal with placeholder fields like "#PRICE#" and "#TFN#" (shorthand for the toll-free callback number).
The invoices route victims to a phone line where a fake "support agent" extracts payment details or device access, a tactic known as callback phishing. For AP teams, it's a reminder that an unexpected invoice carrying an urgent "call this number" instruction is a prompt to verify through known contacts, not the details printed on the document.
Google sues AI-powered phishing network behind billions in losses
Google has filed a lawsuit against a China-based operation it calls Outsider Enterprise, accusing it of using Gemini and other AI models to mass-produce more than 9,000 phishing sites.
For a subscription as low as $88 a week, the network's "phish kit" offered over 290 templates impersonating banks, telcos, retailers, and government agencies, then sent texts luring victims to the AI-built sites. The FBI says the platform has enabled the theft of 3.87 million card numbers and roughly $1.9 billion in losses since 2023.
BCG warns finance teams need guardrails as "vibe coding" proliferates
BCG's Center for CFO Excellence predicts "vibe coding," where staff build software by describing what they want in plain language, will spread across finance, but warns it brings new control and compliance risks.
Tools like Claude Code and OpenAI Codex let analysts spin up apps for forecasting, anomaly detection, or document review without writing code. Without governance, BCG cautions, CFOs risk trading "shadow Excel" for "shadow code": undocumented scripts that sit outside official systems and are hard to spot until something breaks. The report urges clear oversight, careful use-case selection, and human judgment.
CFOs keep raising tech spend despite low economic confidence
Even as finance leaders' confidence in the US economy fell to a 20-quarter low, Grant Thornton's Q2 2026 CFO Survey found two-thirds plan to increase technology and digital transformation spending over the next year.
Just 37% of the nearly 240 CFOs surveyed were optimistic about the economy, yet 67% expect to spend more on IT as AI becomes a bigger priority, and 97% are now piloting, scaling, or fully integrating AI. The catch: many admit governance, risk management, and internal controls aren't keeping pace.
