Vendor Payment Fraud
Customer and bank-targeted fraud is on the rise.
It seems vendor payment fraud is one of the more popular forms of fraud today impacting business owners, often as a result of a Business Email Compromise in which the business email has been taken over by the Bad Actors.
Below are just a few examples of Vendor Payment fraud; however, there are a variety of other scenarios that can occur:
-
Office Manager receives an email from whom they think is a long-time vendor. The email seems familiar and includes an invoice for payment. The invoice is for actual services rendered, and the amount is close to what the business is expecting. The payment instructions request an ACH when in the past the primary form of payment was a check. Office Manager authorizes a large ACH/electronic payment to be sent to the payment instructions within the email, not realizing the email was spoofed and actually came from a Bad Actor. Funds have been directed to someone other than the Vendor whom they intended to pay. Weeks can pass before it becomes realized that the payment was not sent to the proper place.
-
Business Owner is working on a project that will have various new vendors they are not familiar with and who will be sending invoices to be paid. Business Owner’s email has been compromised and Bad Actors are monitoring the email traffic. The Bad Actors see that the Business Owner is now expecting to be billed for a certain portion of the job that has been completed, so the Bad Actors create an invoice for the expected amount and email it to the Business Owner. Business Owner sends a large ACH/electronic payment to the account information provided in the invoice. Weeks can pass before it becomes realized that the payment was fraud.
Helpful tips to help prevent Vendor Payment fraud:
-
When you or someone on your staff become aware that a vendor or someone pretending to be the vendor made changes to payment instructions, especially if only done through email communication, you should always call the vendor to confirm that the ACH and/or wiring instructions are accurate. You should use a phone number you are familiar with from prior dealings, and do not use phone numbers provided through email as they could ring straight to the Bad Actor. Once you have a familiar person on the phone using a phone number you know is accurate from prior dealings, you should ask the vendor to read aloud to you their payment instructions to confirm that what you have is correct. This will help to identify account changes that might be made through fraudulent email correspondence.
-
Anytime you are having dialogue about invoice payments, ACH instructions or Wiring instructions that has been only by email, you should always make a phone call to a known number to verify the payment instructions have not been altered.
We trust you will find this information useful and invite you to visit our Banking Resource Center for additional information related to fraud-related tools and information.