6 steps to safeguard A/P from business email compromise fraud attempts
Your A/P staffers are experts at managing your organization’s payments. However, their work also makes the company vulnerable to business email compromise attacks, which are getting harder to detect.
In fact, there were nearly 20,000 reported incidents of business email compromise scams in 2021 – with adjusted losses at nearly $2.4 billion, according to the FBI Internet Crime Complaint Center.
Fraudsters often try to either impersonate a vendor or a company executive to change a legitimate vendor’s payment information to their own personal account.
And because payments can be transferred to cryptocurrency wallets and quickly dispersed, it makes recovering funds that were sent to a criminal by mistake even more difficult.
Due diligence for stopping business email compromise
Here are some best practices being used by A/P teams at other firms to fight back against business email compromise fraud:
- Train your team. Conduct periodic cybersecurity training so your entire workforce will be alert for fraud.
- Flag any address change requests for review. Fraudsters may attempt to divert payments to a different mailing address.
- Email and call the vendor. After receiving any payment change request, email the trusted contact you have on file to confirm it’s real. Then make a phone call to the vendor’s controller using a previously used, legitimate number (if necessary, get it from an invoice that’s at least six months old). Ask the controller to verify the bank name and the last four digits of both the old and new accounts.
- Attach original paperwork. When sending payment change request confirmation to a vendor’s controller, attach all the documentation submitted with the request. The controller will either validate it or let you know it’s a fraud attempt. Also, ask the controller to identify the last four payments they received from your firm.
- Only accept a custom change form that your trusted vendors already have. Create a personalized form the vendor must complete to request a change and get it in your vendors’ hands. Explain why you’re making this change.
- Request two signatures. Require signatures of two financial officers from a known vendor before making any initial ACH setups or changes to banking information.
If you suspect that you’ve been a victim of payment fraud, you need to notify your bank right away and file a report at ic3.gov.
Free Training & Resources
White Papers
Provided by Anaplan
Further Reading
About 90% of U.S. companies were targeted by cyber‑fraud last year – almost a 25% increase from the previous year. The rise doesn...
Businesses may be losing more through accounts payable than they realize – and most of it never shows up as a line item. A new report ...
Although consumers have fully embraced digital payments – peer-to-peer mobile apps, electronic bill-pay services and getting paid via...
When you break down your labor costs, it’s probably employee base pay that eats up the most money. Yet it’s an expense you can&...
Financial crime is evolving faster than finance teams can keep up. Deepfakes fool executives into authorizing wire transfers. Synthetic ide...
Elon Musk told an interviewer last week we’re in a recession. A second big bank just bit the dust. Mass layoffs continue in certain s...