Anatomy of Business Email Compromise Fraud

Anatomy of Business Email Compromise Fraud

Criminals Steal $650,000 from Non-profit Organization.

It was a heartbreaking discovery. A non-profit organization paid out an amount equating to 26 percent of its annual revenue over a month in what the organization thought was legitimate project payments. When the executive director later spoke to the group that was to hire architects and engineers for a low-income housing project, she expected confirmation that things were underway. But the contractor had not received any of the payments made—only an email from the non-profit the previous month stating that it had to delay payment.

The three payments had gone elsewhere. By the time the executive director reported the loss to the FBI, the U.S. Attorney’s office would not investigate. The trail was already cold, and the amount was relatively small. After all, the FBI received 19,300 such reports in 2020. The non-profit managed to recover only a pittance remaining in a shell account in a bank in another state.

How did it happen? The bookkeeper, in this case, a third-party serving the non-profit, was the initial victim of business email compromise (BEC). Once the hackers had gotten into the bookkeeper’s email system, they infiltrated existing email chains. Then they gathered the information needed to imitate the parties and redirect payments.

The criminals, posing as the executive director, had sent that “payment delay” email to the contracting company. They also had intercepted an email from the contracting company with an invoice to the executive director. They resent the legitimate invoice to the director, but altered the wire-transfer instructions for the payment. In the next few weeks, they emailed two more phony invoices modeled on the legitimate one.

Based on these three invoices from the contractor, which she expected, the executive director made three wire transfers totaling $650,000. According to the director, there was not any poor grammar, strange language or unusual expressions in any of the communications. Everything appeared normal and legitimate. It was not until her conversation directly with the contract group that she realized her organization was victim of a sophisticated BEC fraud.

What To Do

How do organizations prevent BEC fraud from happening? First, understand that email, while hugely convenient and valuable, is not secure. Train your staffs in the fundamentals:

  • Create and use strong passwords – 12 or more characters, with upper and lower case, numeric and symbols. Avoid complete words (including in foreign languages—they’re not foreign to hackers’ programs). Substituting numbers for letters like zero for “o” is not a unique idea—the hackers are way ahead of you.
  • Do not use the same password across systems and accounts.
  • Do not share your passwords.
  • Do not open any email attachments unless you are sure of their origin and legitimacy.
  • Do not open any email attachments with .bat, .exe, or .vba extensions, or with unknown file extensions.
  • Beware “fraud alerts” that urge clicking a link in the email.
  • Make sure web connections are secure, i.e., “HTTPS,” not “HTTP” only.
  • Do not collect or transmit sensitive information via email, e.g., vendor tax ID numbers or bank account numbers.
  • Create control processes to verify all communications regarding payments to vendors independently.

Solicit help from IT on additional security measures you can take.

Business email compromise occurs frequently, though it does not grab headlines the way larger security breaches do. Nevertheless, BEC is costly. According to the FBI, BEC accounted for $1.87 billion in losses last year. And the trend continues steadily upward. Organizations must educate their people, create an alert environment and employ technological and process controls. Often it is not technology that fails but the people using it. In the case of email, the hazards are considerable.

A safe way to gather sensitive vendor information is via a secure vendor self-service portal. To learn how VendorInfo can help, contact us.

Simple to Launch.  Simple to Use.

Request a Demo

Stop Calls and Emails, Enhance
Service and Increase Profit!

InvoiceInfo saves labor hours and cost by helping suppliers and internal staff easily and instantly get answers online to their invoice-payment questions.

If you are like many finance leaders today, you are being challenged to reduce costs more quickly. InvoiceInfo delivers real bottom-line results almost immediately, allowing you to deploy your customer service staff to focus on more productive, bottom-line oriented tasks.

Let us show you how InvoiceInfo's vendor self-service portal can help your organization eliminate invoice inquiry emails and calls while enhancing service to your accounts payable customers.


Get Up and Running Quickly and Seamlessly

InvoiceInfo and VendorInfo are standalone applications that can be up and running in as little as two weeks, with little or no IT resources required.

The faster your online portal is up and running, the sooner you will start reaping the benefits. InvoiceInfo and VendorInfo are dedicated solely to helping AP and procurement departments slash the time and expense of servicing vendors, while improving customer service for their suppliers.

InvoiceInfo and VendorInfo are simple solutions with big results. They are easy to implement and easy to use. Here’s how one customer described the process: “You give vendors a URL, provide instructions about what they need to know and tell them to go use it.” It really is that easy.


Improve Productivity with a Self-Service Solution

For most organizations, deploying a technology solution is a significant investment, and like most investments, the decision point ultimately comes down to the expected return on that investment.

According to a recent benchmark study by The Accounts Payable Network, 60% of AP customer service calls are from vendors while 40% are from internal customers. Vendor issues actually make up even more of the AP call volume than the 60% identified. Many times when a vendor has an issue, the vendor contacts their buyer or purchasing representative, who in turn contacts AP. Even though the call comes from an internal customer, the question originated with the vendor.

Vendor calls affect productivity in your organization exponentially. When vendors call the requisitioner, they are affecting that person’s productivity. Your internal customer’s productivity shrinks when fielding the vendor’s call and again when making the follow up call to AP and getting back to the vendor. Finally, AP’s productivity suffers as a result of the internal customer’s call, the payment status research and the follow-up communication.

With a minimal investment of IT time and talent, you can start reducing customer service calls and expense in a matter of weeks. In addition, you improve vendor relations since you are giving your vendors what they want — answers to their questions immediately — a win-win for everyone involved!


Easy and Economical Solution to Serve Vendors Around the World

InvoiceInfo can help you provide best-in-class customer service to your vendors around the world at a fraction of the cost.

Many organizations today have offices and operations throughout the world and are dealing with many time zones, different languages, and in some cases multiple ERP systems. InvoiceInfo currently supports different languages and can easily work with multiple ERP systems in different locations.

The key to good customer service is to provide the information that the customer wants when they want it. Whether your customer is a vendor waiting for a payment or a colleague that needs information on payment status, they want their information right away. If your organization has vendors and offices in other countries, they can be challenging and expensive to serve. But, with InvoiceInfo, your international vendors and internal customers can access the information they need when they need it.

With InvoiceInfo, you won’t have to staff your customer service team with 24-hour coverage in multiple languages to provide high-quality customer service around the world.


Enhance AP’s Role As a Strategic Partner

Learn how InvoiceInfo can help AP do more with less while continuously improving productivity and bottom-line results.

Many automation technologies such as scanning, workflow, e-invoicing, ACH, and electronic invoicing require significant investments of money, time and talent, making it difficult to get buy-in from upper management. Not InvoiceInfo!

If your goal for your AP department is to reduce costs quickly, call or email us today to learn more about how InvoiceInfo can help you achieve this goal through a quick, inexpensive and easy implementation of a vendor self-service portal.


Enhance Vendor Relationships

InvoiceInfo helps suppliers’ AR departments with simple and convenient access to invoice payment status online at a cost savings for all involved.

It may seem that the organization paying the vendor should hold all the cards in the relationship. But sometimes the opposite is true. Past-due payments and customer service perceptions can harm supplier relationships and disrupt the supply chain.

Your vendors and vendor relationship managers are living in a dynamic, fast-paced environment, so when invoice information is required, it is needed quickly and expected to be of high quality. With InvoiceInfo, your suppliers get answers to invoice inquiries real time, 24/7 with no need to leave messages and wait for responses. Studies show that confidence in data increases when suppliers access invoice and payment information themselves.


Give Procurement and Buyers the Tool They
Need to Respond to Vendors Quickly

Not only can InvoiceInfo be used by suppliers to learn the status of invoice payments, it can also be used internally within your organization.

In addition to reducing calls from vendors regarding invoice status, you can also reduce internal emails and calls from co-workers wanting to learn the status of invoice payment, and save time and effort and boost efficiency and productivity across the organization. Studies show that 40% of AP customer service calls are from internal customers. Many of these are from requisitioners who have received calls or emails from the supplier checking on payment status. These calls are often more expensive for the company because the internal staff member has taken the call or received an email from the supplier, contacted AP for the payment status and had to return the call or email the supplier.

By providing the vendor with a convenient and credible online option to get the answers it needs regarding payment status, you can eliminate multiple calls/emails between the vendor and the requisitioner saving time and money.


Eliminate Difficult Vendor Calls and See
Productivity and Staff Morale Soar

Reduce invoice payment inquiries and “promote” your vendor service team to more satisfying and profit-producing tasks.

By sharply reducing inbound calls and emails regarding receipt and payment status that your AP staff must handle individually, your staff can focus their efforts on more productive, cost-saving activities, learn new tasks, feel more confident and boost their careers.

According to a recent American Express survey on customer service, more than one-third of consumers have lost their temper with a customer service professional in the past year. Of those who lost their temper, three in ten “hung up the phone.” Your staff will no longer have to deal with difficult collectors who can be upsetting and disruptive. Your staff will feel that their time and talents are being put to better use and will feel better about themselves, their jobs and their organization. Reducing these calls can be a real productivity and morale booster for your AP department!


Simplify and Streamline Vendor Onboarding

According to Price Waterhouse Coopers, the average organization spends about $20 in labor to file each paper document, approximately $120 in labor searching for each misfiled document and $220 in re-creation of a document.

Wouldn’t it be great to have all your W-9’s, W-8’s and other registration documents completed online and instantly filed online for easy access when needed? With Vendor Self-Service Onboarding Module, VendorInfo, you can onboard your new vendors in one convenient location and eliminate paperwork and hassles.


Verify the Accuracy of Vendor Information and Stay in Compliance with IRS and Treasury Department Regulations

Government regulators are increasing the complexity of regulations and penalties associated with vendor-related non-compliance.

Penalties for incorrect 1099’s have more than doubled in recent years. Over the last several years, OFAC has levied more than $1 billion in fines against American companies or subsidiaries that did business with restricted businesses, organizations and individuals on its SDN list. In addition to fining these companies, the Treasury Department posts the names of infringing organizations along with fines paid.

VendorInfo Onboarding Module verifies the accuracy of vendor information and helps protect your organization by avoiding embarrassing penalties and fines.

Book Your Live Demo