August 23, 2022
Fraud is at an all-time high and the latest scam you need to protect yourself and your business from is Vendor eMail Compromise.
Vendor eMail compromise is a cyberattack that involves the spoofing or impersonation of a legitimate business eMail address in order to defraud a company, its employees, clients or partners! Fraudsters use a compromised business eMail account from a vendor you know (and trust) to gain knowledge about you and your company. These compromised accounts can lead to major losses for your business.
How it Works:
- A fraudster will compromise a business eMail account belonging to your business or to one of your vendors. This usually happens through typical phishing attacks. The goal is to harvest the eMail credentials of someone working in finance or accounts receivable.
- The fraudster begins gathering information about normal business transactions between you and the vendor. This includes billing terms, invoicing and typical payment methods.
- The fraudster then executes their attack on you or someone from your accounts payable team will receive an eMail requesting an update to their payment methods. They will provide a new bank account number or mailing address.
- Once you begin paying legitimate invoices to the fake payment information the fraudster takes the money and runs.
- If you receive a notification from a vendor for change of payment method ALWAYS reach out to verify this information is correct. Call your account representative to ensure the switch is legitimate.
- Never provide your passwords, account numbers, PIN, Secure Access Code or any personal information to anyone, ever.
- Ensure you have received all your products/service before paying an invoice.