The “Lazarus” with a penchant for fraud – tips for your organisation in the lead up to Easter.


By Scott McLintock and Paul Curby,
Principals, CurbyPartners

While many of us will be taking a couple of extra days’ leave over Easter to leverage a 10-day break, ever-opportunistic fraudsters will be looking to take advantage of organisations running on skeleton staff.

As with any holiday season, businesses are more susceptible to attacks from fraudsters looking to exploit chinks in the corporate security armour.  We are seeing a growing number of organisations falling victim to sophisticated, targeted attacks that could have been avoided if some simple checks and balances had been put in place.

In fact, over the last two weeks we have had three clients inform us that either:

  • Their IT systems and emails have been compromised; or
  • They have fallen victim to a fraud where one of their suppliers’ email accounts has been compromised and they have acted on instructions received from the fraudster believing them to be legitimate instructions.

In all cases, this has resulted in a significant amount of money being transferred to a fraudster’s bank account (operated by a ‘mule’) or sent overseas via SWIFT transfer.

In our experience, you are most at risk of a large fraud occurring just before big, global holidays such as Easter and Christmas.

Organisations therefore need to be hypervigilant with the upcoming Easter break, to help avoid falling victim to fraud or other cyberattacks.  We know that you are all busy getting things done before the Easter break, so here are a couple of key points to keep in mind with the Easter holiday fast approaching.

Why should we be more vigilant when a holiday period is approaching? 

  • People tend to rush things through before going on leave to avoid something not being actioned while on leave;
  • Further to the previous point, people may look to circumvent certain controls that they believe slow down the process in order to complete a task before going on leave;
  • Suppliers and customers rush to cram in orders/work before the break, which typically leads to an increased volume of work for procurement, accounts payable, accounts receivable and other support functions;
  • Key decision makers might be uncontactable during the break, so people seek alternative authorisers who might not have the requisite knowledge of the process to recognise an anomaly, or they fail to get any approval at all with a view to ‘fixing it later’; and
  • Staff may be required to cover roles they don’t usually have exposure to, i.e. they might not know the usual process.

With this in mind, what do you need to think about with the upcoming break approaching?

  • Your staff are your first line of defence – remind your staff to be extra vigilant for change of account payee and account number requests.  Take the time to personally call the payee to check and verify that any such change requests are legitimate;
  • Remind your staff not to click on links sent from unknown senders and not to enter account credentials if prompted.  Contact your IT team or IT service provider to validate the request before proceeding;
  • Keep up to date with the latest schemes that are being run by fraudsters so that you can take the necessary precautions to protect your organisation;
  • Ensure your controls and processes are adequate to identify any cyberattack; and
  • Ensure two-factor authentication is enabled on all of your systems, including email (e.g. Office 365), to reduce the risk of them being compromised.

If you have been the subject of a fraud, suspect you have been defrauded or need assistance reviewing your processes and control environment, please feel free to contact us on or call (02) 8078 2104.

