Standard FTP lacks encryption, making it easy for hackers to use anonymous authentication and cross-site scripting to hijack data.
MFT systems like Globalscape are blind spots in anti-fraud programs. Attackers exploit automation, audit gaps, and rule engines to commit undetected financial fraud. Organizations must apply layered controls: immutable logging, rule change alerts, and content inspection – not just network security.
Navigating the intersection of and fraud prevention is critical for modern enterprises managing massive volumes of sensitive data. Globalscape, a leading Managed File Transfer (MFT) solution now owned by Fortra , is designed to eliminate the security gaps inherent in traditional FTP, which often leave organizations vulnerable to data theft, ransomware, and identity fraud. The Threat: How Fraud Targets File Transfers globalscape+fraud
Even secure platforms can have flaws. For instance, researchers have previously disclosed vulnerabilities in Globalscape EFT—such as authentication bypasses (CVE-2023-2989)—that could theoretically allow remote execution if not patched. Preventing Fraud with Globalscape EFT
Employees often bypass secure channels for "easier" consumer tools like unencrypted email or personal cloud storage, creating "blind spots" where fraudulent activity goes undetected. Standard FTP lacks encryption, making it easy for
Poulin engaged in a scheme to artificially inflate the company’s revenue and mislead investors and auditors. The methods included:
In 2017, GlobalSCAPE, Inc. disclosed an internal investigation revealing that senior management engaged in improper revenue recognition, inflating financial results by approximately $403,000 in accounts receivable through false purchase orders. A former executive pleaded guilty to wire fraud in 2018, leading to a class action lawsuit and the company's subsequent acquisition by Fortra in 2020. Read the legal details in the complaint at ClassAction.org . AI responses may include mistakes. Learn more Fortra Acquires GlobalSCAPE The Threat: How Fraud Targets File Transfers Even
| Control | Implementation in Globalscape EFT | |---------|------------------------------------| | | Audit EVENT_RULE_MODIFIED ; alert on new outbound email actions or script commands. | | Separation of duties | Require two admins to change folder-to-payment-system mappings; use AD groups. | | Immutable audit trail | Forward logs to SIEM (Splunk, QRadar) via syslog; disable local database deletion. | | File content inspection | Use ICAP server to scan outbound files for account number patterns; block unapproved substitutions. | | Session recording | Enable video capture of admin GUI sessions (Globalscape’s Admin Studio recorder). | | Periodic rule review | Weekly script to hash all event rules and compare to baseline. |