Easy-to-Miss Fraud Risks Impacting A/P, Finance Right Now
About 90% of U.S. companies were targeted by cyber‑fraud last year – almost a 25% increase from the previous year. The rise is not only a matter of more attacks, though. Fraudsters are also using smarter technology: AI-powered deepfakes, voice cloning tools, and advanced phishing techniques make it easier to mimic executives or vendors.
Business email compromise (BEC) scams have a lot to do with the rise in attacks. They have surged, with 63% of companies reporting these sorts of attempts last year.
Over 76% of finance professionals have known victims of A/P fraud in the past five years, up from 65% in the previous year.
To combat these schemes, organizations are implementing enhanced payment-change workflows that include dual-approval checkpoints and callback procedures.
Watch Out for These Fraud Attempts
Phishing is now the most common cybercrime, as over 3 billion scam emails are sent every day. Thanks to AI and the editing skills of native-English writers, these messages can appear so polished and official that they blend in with legitimate mail.
Phishing may be one of the most common methods, but it’s just part of a larger playbook that’s becoming harder to spot. Here are some other easy-to-miss risks your team should be aware of:
- Oversharing via out‑of‑office replies: Disclosing location or duration of one’s time away gives scammers fuel to develop targeted impersonation attacks. Keep auto‑replies minimal: “I’m away with limited email access. Contact [colleague] for urgent matters.”
- Voicemail vulnerabilities: Voicemails left by vendors often inadvertently confirm sensitive payment update information. A strict “request callback” policy can help prevent over‑sharing.
- Stealthy spoofing techniques: Attackers now use CSS to hide “external sender” warnings in emails. Tip: Use “whois lookups” to confirm suspicious domains before clicking links.
- HTTPS ≠ safe anymore: SSL certificates are now quite easy to obtain. Even “locked” HTTPS sites can harbor phishing content.
- LinkedIn phishing: Fraudulent messages on LinkedIn often impersonate recruiters or vendors. Watch for unusual domains, tone changes (usually urgent), or prompts to install software.
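A mail-filter check for the "Stealthy spoofing techniques" item above, as an added example that is not part of the original article: it reports whether a message's external-sender banner is still rendered or has been hidden by a `<style>` rule or inline style. The banner wording, the `ext-banner` class, the list of hiding declarations and the simplified selector matching are all assumptions to adapt to your own mail gateway.

```python
import re
from html.parser import HTMLParser

# Assumed banner wording (use your gateway's exact text) and CSS that hides or zero-sizes content.
BANNER = re.compile(r"external\s+(sender|e-?mail)", re.I)
HIDING = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|(?<![-\w])(opacity|font-size|max-height|height)"
    r"\s*:\s*0(\.0+)?(px|pt|em|%)?\s*(!important\s*)?(;|$)", re.I)
VOID = {"br", "img", "hr", "meta", "link", "input", "area", "base", "col", "wbr"}

def hiding_selectors(html):
    """Rightmost compound selector of every <style> rule that hides content."""
    rules = [r for css in re.findall(r"<style[^>]*>(.*?)</style>", html, re.I | re.S)
             for r in re.findall(r"([^{}]+)\{([^{}]*)\}", css)]
    return [s.split()[-1] for sels, body in rules if HIDING.search(body)
            for s in sels.split(",") if s.strip()]

def matches(sel, tag, attrs):
    """Approximate match on the tag, .class and #id parts of one selector."""
    want = re.match(r"[a-zA-Z][\w-]*", sel)
    need = set(re.findall(r"[.#][\w-]+", sel))
    have = {"." + c for c in (attrs.get("class") or "").split()} | {"#" + (attrs.get("id") or "")}
    return bool(want or need) and (not want or want.group().lower() == tag) and need <= have

class BannerAudit(HTMLParser):
    def __init__(self, selectors):
        super().__init__()
        self.selectors, self.stack, self.hits = selectors, [], {"hidden": 0, "visible": 0}
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        # Hidden if an ancestor is hidden, an inline style hides it, or a <style> rule targets it.
        hide = (bool(self.stack) and self.stack[-1][1]) or bool(HIDING.search(a.get("style") or ""))
        hide = hide or any(matches(s, tag, a) for s in self.selectors)
        if tag not in VOID:
            self.stack.append((tag, hide))
    def handle_endtag(self, tag):
        while any(t == tag for t, _ in self.stack) and self.stack.pop()[0] != tag:
            pass
    def handle_data(self, data):
        if BANNER.search(data):
            self.hits["hidden" if self.stack and self.stack[-1][1] else "visible"] += 1

def audit_banner(html):
    """Return 'hidden', 'visible' or 'missing' for the external-sender banner."""
    parser = BannerAudit(hiding_selectors(html))
    parser.feed(html)
    parser.close()
    return "hidden" if parser.hits["hidden"] else "visible" if parser.hits["visible"] else "missing"

CLEAN = '<div class="ext-banner">CAUTION: External sender</div><p>Invoice attached.</p>'  # constructed
SPOOFED = "<style>.ext-banner{display:none}</style>" + CLEAN  # constructed: banner hidden via <style>
```

A result of `hidden` or `missing` on mail that arrived from outside is a reason to quarantine the message or re-insert the warning as plain text.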
Fraud Hitting Even Closer to Home
As seen in recent global cases, the stakes for A/P teams are on the rise. Not only do A/P professionals need to protect their companies, but they also have to safeguard their own careers.
Password managers, which generate strong, unique passwords and resist auto-filling on spoofed sites, are a simple yet effective defense against fraud attempts. Only 31% of A/P teams currently use AI or ML tools to proactively catch fraud, though. It’s a gap that needs urgent attention.
Key Strategies for Today and Beyond
While new fraud tactics continue to emerge, so do smarter, more adaptive defenses. Here are several practical approaches that A/P and finance teams can implement to strengthen protection in a fraud-heavy landscape:
- Use AI-powered anomaly detection tools: A/P automation platforms now offer built-in machine learning capabilities that can flag unusual payment behaviors, duplicate invoice data, or unauthorized vendor updates.
- Implement stronger vendor verification protocols: Set up multi-step processes for any change to payment methods or contact information. That includes verifying requests using known, validated contact details.
- Limit sensitive details in all forms of communication: Limit the amount of information available to outsiders. Small oversights can give scammers enough context to impersonate leadership or vendors.
- Educate staff on evolving fraud tactics: Offer quarterly fraud prevention training or simulated phishing tests to keep employees sharp.
- Maintain clear escalation procedures: Instruct staff on when and how to elevate a suspicious interaction. Fast reporting can reduce losses and prevent further damage.
- Encourage use of password managers and multi-factor authentication (MFA): These tools reduce the risk of unauthorized access by creating strong passwords and ensuring access credentials aren’t reused on other platforms.
By reinforcing their defenses now, A/P teams can lessen risks, respond to threats, and build a secure financial foundation.
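One way to encode the dual-approval and callback controls described above as a release gate in an A/P system, as an added example that is not from the original article. The record fields, the 30-day cool-down on recently changed contact details (a control the article does not mention) and the sample vendor, users and phone numbers are all assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Assumed policy value: a phone number on file for less than this is not yet trusted.
COOL_DOWN = timedelta(days=30)

@dataclass
class VendorRecord:
    vendor_id: str
    phone_on_file: str            # validated when the vendor was onboarded
    phone_verified_at: datetime

@dataclass
class ChangeRequest:
    vendor_id: str
    requested_by: str             # A/P user who keyed the change
    received_at: datetime
    callback_number: str = ""     # number that was actually dialled
    callback_confirmed: bool = False
    approvers: set = field(default_factory=set)

def digits(number):
    """Normalise a phone number so formatting differences do not matter."""
    return "".join(ch for ch in number if ch.isdigit())

def release_blockers(req, vendor):
    """Reasons a payment-detail change stays on hold; an empty list means release."""
    blockers = []
    on_file = digits(vendor.phone_on_file)
    if not on_file or digits(req.callback_number) != on_file:
        blockers.append("callback not placed to the number on file")
    elif not req.callback_confirmed:
        blockers.append("vendor did not confirm the change on callback")
    if req.received_at - vendor.phone_verified_at < COOL_DOWN:
        blockers.append("number on file was changed too recently")
    if len(req.approvers - {req.requested_by}) < 2:
        blockers.append("needs two approvers other than the requester")
    return blockers

# Constructed records (fictional vendor, users and 555-01xx numbers).
VENDOR = VendorRecord("V-1001", "+1 (555) 010-0142", datetime(2024, 1, 15))
GOOD = ChangeRequest("V-1001", "alice", datetime(2025, 3, 3), "1-555-010-0142", True, {"bob", "carol"})
# Callback went to the number given in the request itself, and the requester approved her own entry.
BAD = ChangeRequest("V-1001", "alice", datetime(2025, 3, 3), "1-555-010-0199", True, {"alice", "bob"})
```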
Fraud on the Rise Internationally, too
A/P consultant and trainer Debra Richardson noted in an IOFM webinar that A/P pros need to be extra cautious about fraud right now because of an emerging international trend of stronger employer actions being taken against Finance pros.
She said that in one case in the UK, an employer unsuccessfully tried to sue an employee for mistakenly sending more than $100,000 to a cybercriminal. In Australia, a $61 million fraud loss led to a company firing its CEO and CFO, and then trying to sue them, according to Richardson.
That means Finance pros need to be vigilant about fraud – not just to look out for their company’s interests and their vendors’ interests, but also to protect themselves. Richardson said that even though they can be hacked, password managers significantly reduce the risk of business fraud because they generate long passwords, prevent reuse of passwords and prevent automatic logins to spoof sites.
To stay on top of evolving fraud threats, it’s good to periodically check these sites:
- IC3
- IRS, and
- Better Business Bureau.