Proactive ways to fight vendor fraud

January 10, 2023

Whether private or public, business or government, all establishments are at risk for fraudulent business email compromise activity. Learn what steps you can take to avoid potential negative outcomes.


Times of disruption are often ripe for fraud activity. When your vendors’ emails have been compromised, a fraudster can pose as your trusted partner and send a fraudulent payment request. This is known as business email compromise (BEC), and it’s recently been seeing an increase in the news and in our communities. Below, you’ll find two examples of this activity and a curated, concise list of considerations to help you meet this challenge head on.

Example 1: A corporation’s vendor requests a change to their payment account information

A large corporation received an email from a trusted vendor to change their payment account information. The corporation authorized a six-figure wire transfer, believing it was a legitimate request from their vendor. When the corporation and the actual vendor discovered the fraudulent payment nearly a month later, the funds were unrecoverable.


Example 2: A university’s contractor requests a modification to their payment schedule

In a publicly reported case, a university entered into contract for construction services. A fraudster posed as their contractor and requested a modification to the payment account for a payment of nearly $2 million. University employees followed instructions to verify the account modification prior to sending payment.

However, the university had been deceived into contacting the fraudster for verification through the compromised email. The payment transferred. Days later, the university realized the construction company never received the funds and contacted law enforcement.


Four controls to help prevent vendor fraud

While threats may continue to persist, a concise plan and educated staff can deter fraudulent activity. Use these recommendations to help protect your organization.

  1. Email policies and training: Educate employees about common tactics related to social engineering (e.g., phishing, smishing, and vishing) along understanding common ways to identify associated red flags such as variations in domain name, email address and links along with a sense of urgency or suspicious attachments. 
  2. Vendor account management: Record the individuals who will act as the primary contacts for the vendor and will be responsible for verifying any changes to account information. Regularly confirm the accuracy of this contact information. 
  3. Dual approval for vendor payments: Use a second set of eyes on payments and supporting documentation to allow for further scrutiny of the authenticity of the instructions. Also, consider setting risk-based dollar thresholds for dual approvals. 
  4. Vendor payment notification for large payments: Identify criteria for high-value or high-risk payments. Include a follow-up with your primary vendor contact to make sure they received the funds. Review your current policies and controls for email use, vendor management, and accounts payable.

Time can make the difference when dealing with BEC. If you believe your organization is a victim of BEC, contact your bank representative immediately to attempt to recover the funds.


At U.S. Bank, your privacy and security are our priority. We’re constantly enhancing our systems to protect your data while providing seamless technology experiences.


Read more on the topics of cybersecurity and how to protect your organization from fraud.


Related content

The mobile app to download before summer vacation

Webinar: Mobile banking tips for smarter and safer online banking

Risk management strategies for foreign exchange hedging

How-to guide: What to do if your identity is stolen

4 strategies for coping with market volatility

Money muling 101: Recognizing and avoiding this increasingly common scam

Evaluating interest rate risk creating risk management strategy

Avoiding the pitfalls of warehouse lending

Proactive ways to fight vendor fraud

Cybersecurity – Protecting client data through industry best practices

Webinar: How to stay safe from cyberfraud

The cyber insurance question: Additional protection beyond prevention

Higher education strategies for e-payment migration, fighting fraud

5 Ways to protect your government agency from payment fraud

Authenticating cardholder data reduce e-commerce fraud

Insource or outsource? 10 considerations

Automate accounts payable to optimize revenue and payments

Protecting cash balances with sweep vehicles

3 tips to maintain flexibility in supply chain management

What is CSDR, and how will you be affected?

How to avoid being the victim of a digital payments scam

Best practices on securing cardholder data

Cybercrisis management: Are you ready to respond?

Turn risk into opportunity with supply chain finance

Webinar: What’s new in international payments?

Webinar: Managing foreign exchange risk in unpredictable markets

How to keep your assets safe

Learn to spot and protect yourself from common student scams

Cryptocurrency custody 6 frequently asked questions

How to spot an online scam

Complying with changes in fund regulations

Small business growth: 6 strategies for scaling your business

Manufacturing: 6 supply chain optimization strategies

Healthcare marketing: How to promote your medical practice

Liquidity management: A renewed focus for European funds

5 questions you should ask your custodian about outsourcing

Webinar: Approaching international payment strategies in today’s unpredictable markets.

10 ways a global custodian can support your growth

How to choose the right custodian for your managed assets

Webinar: How to fight off fraud

Webinar: Protect yourself or your loved ones from elder fraud

Increase working capital with Commercial Card Optimization

Fraud prevention checklist

4 ways to outsmart your smart device

What you need to know about financial fraud

How you can prevent identity theft

Alternative investments: How to track returns and meet your goals

Hospitals face cybersecurity risks in surprising new ways

Webinar: Cash management strategies for higher education

5 steps you should take after a major data breach

Why KYC — for organizations

Post-pandemic fraud prevention lessons for local governments

BEC: Recognize a scam

Fight the battle against payments fraud

The latest on cybersecurity: Vulnerability testing and third-party software

The password: Enhancing security and usability

3 timeless tips to reduce corporate payments fraud

The surprising truth about corporate cards

White Castle optimizes payment transactions

4 tips for protecting your business against Coronavirus-related scams

The latest on cybersecurity: Mobile fraud and privacy concerns

How to improve your business network security

Government agency credit card programs and PCI compliance

Business risk management for owners of small companies

The benefits of a full-service warehouse custodian

Webinar: A closer look at U.S. Bank AP Optimizer

The future of financial leadership: More strategy, fewer spreadsheets

How to improve digital payments security for your health system

Enhancing liquidity management: 4 benefits of visibility

Webinar: Fraud prevention and mitigation for government agencies

Webinar: CRE Digital Transformation – Balancing Digitization with cybersecurity risk

Webinar: Recording of the Central Securities Depository Regulation and Pivot

Webinar: CRE technology trends

Webinar: Robotic process automation

Webinar: CRE treasury leader roundtable

Start of disclosure content

Loan approval is subject to credit approval and program guidelines. Not all loan programs are available in all states for all loan amounts. Interest rate and program terms are subject to change without notice. Mortgage, home equity and credit products are offered by U.S. Bank National Association. Deposit products are offered by U.S. Bank National Association. Member FDIC.