Proactive ways to fight vendor fraud
Whether private or public, business or government, all establishments are at risk for fraudulent business email compromise activity. Learn what steps you can take to avoid potential negative outcomes.
Times of disruption are often ripe for fraud activity. When your vendors’ emails have been compromised, a fraudster can pose as your trusted partner and send a fraudulent payment request. This is known as business email compromise (BEC), and it’s recently been seeing an increase in the news and in our communities. Below, you’ll find two examples of this activity and a curated, concise list of considerations to help you meet this challenge head on.
Example 1: A corporation’s vendor requests a change to their payment account information
A large corporation received an email from a trusted vendor to change their payment account information. The corporation authorized a six-figure wire transfer, believing it was a legitimate request from their vendor. When the corporation and the actual vendor discovered the fraudulent payment nearly a month later, the funds were unrecoverable.
Example 2: A university’s contractor requests a modification to their payment schedule
In a publicly reported case, a university entered into contract for construction services. A fraudster posed as their contractor and requested a modification to the payment account for a payment of nearly $2 million. University employees followed instructions to verify the account modification prior to sending payment.
However, the university had been deceived into contacting the fraudster for verification through the compromised email. The payment transferred. Days later, the university realized the construction company never received the funds and contacted law enforcement.
Four controls to help prevent vendor fraud
While threats may continue to persist, a concise plan and educated staff can deter fraudulent activity. Use these recommendations to help protect your organization.
Time can make the difference when dealing with BEC. If you believe your organization is a victim of BEC, contact your bank representative immediately to attempt to recover the funds.