Our team continuously monitors the headlines for the latest accounts payable (AP) and security news. We bring you all the essential stories in our cyber brief so your team can stay secure.
AFP: Aussie scam victims most likely to be re-victimised
The Australian Institute of Criminology's Cybercrime in Australia 2024 report reveals that 42.1% of cybercrime victims experience multiple attack types within a single year, with fraud and scam victims facing the highest re-victimisation risk (80%).
Repeat victimisation significantly amplifies harm: victims experiencing three or more types of cybercrime are three times more likely to report health, financial, and legal impacts compared to single-type victims. The AFP emphasises that cybercriminals exploit initial vulnerabilities for repeated attacks, urging Australians to adopt preventive measures, such as multi-factor authentication and regular software updates, to break the victimisation cycle.
Interpol operation exposes organised fraud networks spanning 70 countries
Interpol's Operation Haechi V uncovered coordinated business email compromise (BEC) and fake vendor networks across 70 countries responsible for hundreds of millions in losses. Meanwhile, a Europol study also revealed impersonation-as-a-service operations selling verified bank accounts, forged credentials, and synthetic identities with post-sale support.
With the FBI reporting that business email compromise schemes caused over $3 billion in global losses during 2024, it’s crucial for finance leaders to understand that fraud networks operate like industrial supply chains – and to understand whether their organisation’s fraud controls are adequate in this sort of threat environment.
Read our deep dive into Interpol’s operation, risks in cross-border payments, and what it all means for finance leaders.
AI-powered social engineering contributes to $16.6 billion in fraud losses
According to the FBI, cybercrime losses reached $16.6 billion in 2024, up 33% year-over-year – and a lot of it is driven by AI-enabled social engineering attacks.
Across various sources and analyses, we can see exactly how those attacks are taking shape. For instance, a Kaufman Rossin analysis highlights vishing tactics using AI-generated voice cloning to impersonate bank representatives and officials, now indistinguishable from genuine voices in controlled tests. A Consumer Reports investigation also found that commercial voice cloning tools create convincing replicas with minimal safeguards. “Boss scams” exploit social media data to impersonate managers and pressure new employees into fraudulent transactions.
In sum, billions of dollars are lost as cybercriminals find increasingly sophisticated ways to exploit employees’ trust.
ACCC: scam attempts decrease, but dollar value increases
In the first half of 2025, Australians reported more than 108,000 scam incidents and approximately $174 million in direct financial losses to the National Anti‑Scam Centre’s Scamwatch service. While the total number of reports fell by about 24% year-on-year, the total value of losses rose roughly 26% compared with H1 2024.
So what do businesses need to know? Cyber-fraud losses continue to escalate in value even where incidence counts drop, indicating that fraudsters are targeting fewer but higher-value incidents and emphasising the need for strong detection, payment-controls and incident-reporting frameworks.
Cybercrime costs surge 219% for large Australian businesses
The Australian Signals Directorate's latest threat report is out, and there are some unsettling numbers. First, the report reveals an 11% increase in cybercrime incidents, with large businesses facing a whopping 219% rise in average loss value.
The report examines the use of credential theft and AI-powered phishing, along with a major rise in critical infrastructure attacks. See a breakdown of the full report.
The US Better Business Bureau issued a recent warning that "ghost tapping" scams are abusing near-field communication technology in contactless payment chips and digital wallets.
Criminals use wireless readers in crowded spaces to access tap-enabled cards without detection, or pose as vendors to initiate small charges that evade fraud systems. Recorded Future's Insikt Group identified organised networks distributing phones and phishing software to scale these operations.
While it was a US agency to issue the warning, ghost tapping has been flagged as a risk worldwide. Hear Eftsure’s Chief Technology Officer, David Higgins, explain ghost tapping on the Friends With Money podcast.
