The dual mandate of the finance and accounting team in my company is to support business growth and help mitigate against risk.
Due to the significant increase in people working remotely because of COVID-19, there has been a massive rise in vendor impersonation fraud. Through May of 2020, the Internet Crime Complaint Center (IC3) had received almost as many complaints year-to-date, as in all of 20191.
The pandemic has created the perfect storm to distract and confuse those responsible for paying invoices. This makes businesses of all types and sizes more vulnerable to fraud that is perpetrated via phony invoices or payment inquiries that attempt to redirect funds to the fraudsters’ bank account.
At Paymerang, we hold workshops with our clients to help them identify vendor impersonations. We’ve learned that the “bad guys” are very clever and their fraudulent schemes can seem quite plausible. While email is the most common form of attack, a phony payment request can also come by phone, fax or snail-mail.
To avoid being victimized by vendor impersonation fraud, it’s important to ensure that everyone on your team is hyper-vigilant and armed with some helpful tips to fight fraud:
- Be alert when asked to send payments to new accounts or new destinations other than what’s on file. Don’t be hesitant to confirm or authenticate the person sending the correspondence. When in doubt, call the vendor’s phone number on file to verify, not the phone number in the inbound communication as it might be fraudulent.
- Match any requests for payments with a valid invoice and verify the authenticity of the invoice if any information about the payment process has changed.
- Don’t assume others in your organization have verified the identity of a vendor. Be equally aware of emails forwarded from an internal employee requesting payment changes to existing vendors.
- Be aware of emails with invoices coming from a public domain, such as @gmail.com, instead of from the company domain.
- If a false sense of urgency is being created by a “vendor” aggressively requesting payment, slow down; be especially cautious of last-minute wire or ACH information changes. During this pandemic, real vendors understand that delays may happen and they are much more lenient on payment deadlines or charging late fees.
- Notice changes in tone, style or word choice that seem out of character from previous correspondence.
- Look for subtle spelling changes in an email address which indicate the communication isn’t coming from your actual vendor.
- Question requests to submit vendor payments to a specific individual.
- Do not use the “reply” or “reply all” options when authenticating emails for payment requests. Instead, use the “forward” option and type in the email address on file.
- Make vendor payment forms (i.e. ACH authorization forms) available only via secure means or to known entities.
- Do not store your vendor’s banking information in easy to access places – such as spreadsheets or as a note in your accounting software.
- Require that changes to payment account information be made or confirmed only by authorized managers.
- Educate and train all employees to recognize fraudulent activities, question discrepancies or suspicious requests for payment, and authenticate any changes to payment instructions.
In a world where payment scams are becoming increasingly prevalent and sophisticated, CFOs play an instrumental role in fighting fraud, and they must work diligently to ensure that procedures and operations stay safe and secure.
Also Read: Three Ways To Fight Bank Fraud