If you work in accounts payable, you know billing scams are getting more sophisticated by the day. And as the risks increase, so do the potential losses. Just imagine what it was like to be on the payables team for a global airline that recently experienced a heart-stopping email spoofing attack.
You walk into your office, check your email, and see you have a message from one of your company’s largest suppliers – an online marketplace that sells tickets to passengers. The email asks you to change the marketplace’s bank account number in your vendor master file before your next payment is issued.
You know there is a payment in the queue that is ready to transmit, so you don’t have much time to act. If you stop long enough to manually authenticate the new account number, the payment will be issued to the old account.
Everything looks appropriate, so you opt to act fast and deliver the kind of white-glove service your supplier deserves. You change the account number and a $4 million electronic payment is transmitted to the new account. Yep, that’s right – a $4 million payment.
Once you have time to catch your breath, you take a closer look at the email address associated with the change request. You notice a one letter difference in the email address of the sender and the email domain name used by your supplier. Your heart stops. You’ve been spoofed, and your error just cost your company $4 million. Your once-promising career flashes before your eyes.
In this real-life event, there is a happy ending. The $4 million payment to the hacker’s account was reversed before the payment could be withdrawn. And heads didn’t roll. Instead, the airline’s payables team turned it into a “teaching moment.”
But let’s face it. It’s a great example of how traditional controls just aren’t enough. We’re all human, and occasionally we make the wrong decisions. That’s why we all need technology defenses to fight back against tech-savvy fraudsters.
One example of these tech-powered defenses: New bank account verification tools place the same account verification protections used by major banks at your fingertips. And they can transform what could be a very bad day in the office into one that’s business as usual.
Put yourself back in that office with your supplier’s request to change the bank account receiving your payments. You use real-time bank account verification tools to determine whether the account is owned by your supplier. You get immediate feedback indicating that the account holder is an individual, not a company. It takes just seconds to determine that what looks like a valid request is really just a dirty trick.
Instead of changing the account number, you route the email with your corporate security team. And you get kudos for protecting your company and its valued supplier from a costly fraud scam. It’s a better outcome – without the heart-stopping adrenaline rush.
So have a better day. For a deeper dive into bank account fraud protection, download our one-pager on Preventing Fraud Before Payments are Made to discover how you can bring the best banking protections to your enterprise.