Cyber Brief for CFOs: April 2026

Each month, the team at Eftsure monitors the headlines for the latest accounts payable (AP) and security news. We bring you all the essential stories in our cyber brief so your team can stay secure.

Two-thirds of Australians leave data exposed, Home Affairs finds

New Home Affairs research shows that 64% of Australians expose their personal information through social media accounts, leaving them more vulnerable to scam targeting.

The finding highlights how social media, now a standard reconnaissance tool for scammers, gives attackers the context they need to craft convincing phishing and impersonation attempts against individuals and the businesses they work for. Finance teams are not immune: socially engineered BEC attacks often begin with an attacker building a profile of an executive or AP staffer from publicly available information.

WA council loses $350,000 to supplier phishing scam

A Western Australian local government entity has lost around $350,000 after a phishing attack opened the door for criminals to fraudulently change a supplier's bank account details in its finance system. The pattern is familiar: fraudsters target AP teams with credible-looking emails to push through a routine supplier account change, then let genuine invoices flow to the fraudulent account.

Within Eftsure’s data, local government organisations are some of the most common targets for fraudsters, likely because they tend to have fewer security resources than large enterprises.

First Australian prosecuted under Commonwealth deepfake laws

The first Australian to be prosecuted under Commonwealth laws (introduced in 2024 to combat image-based abuse involving AI) has pleaded guilty.

The case tests Australia's evolving deepfake legal framework, signalling how courts might treat AI-generated image abuse. Even with clearer domestic precedent, prosecuting AI-enabled scams will continue to be difficult due to where most of them originate. Most fraudsters operate from overseas jurisdictions, where cross-border enforcement is slow and patchy and where new Australian laws have limited reach.

Regulators flag advanced AI models as new banking cybersecurity risk

At this week's IMF and World Bank spring meetings, regulators and central bankers raised concerns that advanced large language models, including Anthropic's new Claude Mythos Preview, could expose weak spots in banks' cyber defences.

Officials warned that increasingly capable AI systems could be weaponised against financial institutions. In particular, there are widespread concerns about automated phishing attempts, the scaling of social engineering, and the probing of authentication controls at scale. The discussion reflects a broader shift: regulators are no longer treating AI risk as a future-tense topic.

AI tools have been both an opportunity and a threat for a while now, but April 2026 saw fears reach a frenzy as Anthropic claimed it was pausing a new release due to severe security risks. Read more about our thoughts on Claude Mythos.

Singapore arrests three teens in BEC scam against US remitter

Three teenagers have been arrested in Singapore over a US$2.89 million business email compromise scam that targeted a US fund remitter. Police say the trio set up shell companies and DBS corporate accounts to receive the stolen funds.

The scam unravelled when one of them tried to withdraw US$2.56 million in a single transaction, raising suspicions among DBS staff who alerted police. The rest had already been wired offshore.

 

Author

anonymous

Published

27 Apr 2026
