Look Out for Grinches Disguised as Trusted Suppliers

shutterstock

Consumer-related holiday scams are dominating the end-of-the-year news cycle. Savvy fraudsters are unleashing an unprecedented wave of new phishing emails and fake websites to lure unsuspecting buyers with the promise of deep-discount deals.

But consumers aren’t the only target. Businesses also need to be on high alert during the holiday season. It’s especially true since highly trained accounts payable experts take time off to celebrate with friends and family. Less experienced colleagues or part-timers who step in to fill the void will need a crash course in how to spot grinches disguised as trusted members of your supply chain.

If you think your team couldn’t possibly fall victim, consider that even the world’s most sophisticated tech giants have been duped. Earlier this year, for example, a Lithuanian man pled guilty to stealing more than $100 million from Google and other tech companies by impersonating a hardware supplier. The fraudster used phishing emails to transmit forged invoices and to convince the companies to wire funds to bank accounts he controlled. Once he was “in,” the flood gates were open. He ran the scam for two years before he was discovered.

Here are a few tips that can keep your company from becoming a victim:

• Verify all bank account changes before payments are issued. Adopt bank account ownership validation to confirm who really owns the bank account your company is being asked to pay. Real-time validation means that you can immediately spot scams, eliminate the human factor and protect your bottom line.

• Take a hard look at email addresses used to transmit invoices. Fraudsters will often set up an email domain that is only one letter off from that used by one of your trading partners. For example, “q” might be used instead of a “g.” So take a second and third look before entering the invoice for payment. For even better protection, decline invoices transmitted by email or “snail mail” and adopt an e-invoicing solution instead so invoices only come from companies you have invited.

• Make the move to supplier self-service. Since most accounts payable fraud scams start with a fake email communication, many companies are adopting self-service supplier portals to drive down their risks. If someone emails a request to make a bank account change, they direct the supplier to a portal to make the change themselves. Only authorized vendors with the appropriate login and password can get in and edit bank account info.

Grinch-proof your business

To learn more about fraud scams and the protective measures you can take, download our Payment Fraud Report. You’ll get real-world case studies that bring the latest fraud risks to life—including spoofing, business email compromise and other tricks used by bad actors lurking inside and outside your business. We also show you how to fight back by determining precisely who you are paying, before disbursements are made.