Close this search box.

Why It’s So Easy To Fall Prey to Business Email Compromise Scams

transparent email icons with a warning sign above one email

Do you think your email blocking software will stop all phishing emails? Think again.

In April of 2024, the deposit for two new ambulances for the Rockville Volunteer Fire Department was wired to cybercriminals instead of the real vendor.  According to ABC News 7 article  “Rockville Volunteer Fire Department loses $220K to cybercriminals in email scam” a spoofed email with one letter of the email changed was used to impersonate the vendor and request a change of banking details.  The organization was made aware of the fraudulent payment five days later when the real vendor requested payment. 

Why The Fraudulent Email Was Easy to Miss

The article indicated that the email address used to send an email request for the bank account change had an additional letter — a small detail easy to overlook.  The fraudster registered a spoofed domain and like the one used in this fraud to create emails that look legitimate.

Consider these examples used to make email address domains look legitimate:

  • Spoof   Use an upper case “i” for a lower case “L”
  • Spoof  Use an “rn” for “m”
  • Spoof  Insert a hyphen

In addition, fraudsters take advantage of the fact that the team members in finance operations receiving these change requests may not have a relationship with the vendor and may not be aware of the correct extension (.com, .net, .org, .io, .biz., etc).  Fraudsters register the same domain name using a different extension.  Again, easy to miss.

Your IT team’s email filters only block a certain % of emails.  According to KnowBe4, Microsoft is the most used and targeted email service in the world and its email guard Microsoft Defender misses 18.8% of phishing emails. 

This means that you and your team members will receive fraudulent emails, some that look very legitimate, so you have to have a plan for how to determine if they are from your real vendor. 

How The Fraudulent Payment Have Been Prevented

With the normal busy work of finance operations, including the vendor team, no one team member should be expected to detect all fraudulent emails.

Consider these authentication levels to ensure you are communicating with your vendor and not a fraudster when responding to an inquiry for how to change remittance details or accepting supporting documentation for a remittance change.

  1. Level One:  Initial Contact
    1. Authenticate the Requestor:  When responding to an inquiry of how to change vendor banking or accepting a request to change banking, take a tip from your banking institution > ask them two to three questions to verify they are the vendor.  Examples include asking for the last 5 digits of the existing banking account and asking for an invoice number from a specific, but random, date.  If you have internal employees that inquire or submit supporting documentation on behalf of the vendor, you may need to ask them verifying questions as well.  Include questions such as their employee id, cubicle #, etc.
  • Level Two:  Before The Banking Change
    • Authenticate the Data:  Use your own vendor banking form to collect vendor banking (banking on letterhead can be forged) and include on the form vendor data that will verify they are the vendor.  Require vendor data such as the bank branch information (routing #, BIC, etc) and account number of the existing banking.  Also require the name, email address and phone number of the existing employee that they are doing business with at your company.

Fraud prevention tactics are often misunderstood and questioned.  Particularly with authentication steps, you may receive pushback from both your internal team members and the vendors.  Document the required steps in your policy and have management sign-off as support.  Your team is responsible when fraudulent payments are made, so take the initiative and also be responsible for pushing needed fraud prevention steps.

© Diversified Communications. All rights reserved.
Cash Management Forum by CMLI

March 18-19, 2025

Austin, TX

Join us for two days of 1-to-1 meetings with solution providers, peer-to-peer networking and conference sessions led by experts.

Sign up for event updates