fbpx
Contact Us
 
Contact Us

Insights

< Back to Thought Leadership

Payment Re-Direct and Business Email Compromise Fraud Schemes

payment re-direct and business email compromise
August 06, 2024

By Luke Pierce, CPA, Manager, at Blue & Co.

What is a payment re-direct and business email compromise scheme?

A payment re-direct and business email compromise scheme is when a cybercriminal impersonates a company vendor and requests payments to be re-directed to a fraudulent bank account. Not-for-profit businesses have become a frequent target for payment re-direct and business email comprise schemes. These fraud schemes can result in significant financial losses for their victims.

What does this fraud scheme actually look like?

In its simplest form, this fraud scheme may appear as an email from an address that closely mirrors that to which the fraudster is attempting to replicate. For example, accountspayable@microsoft.com may be the email from which organizations usually receive a monthly invoice from Microsoft; the cybercriminal may attempt to impersonate Microsoft using an email address such as accountspayable@microsft.com.

Payment re-direct and business email compromise schemes can also be much more elaborate. Perpetrators of this fraud scheme will often try to initially breach an organization’s information technology system via phishing emails. Once the cybercriminal gains access to entity information, they will then monitor emails and other information exchanges, unbeknownst to the victim. They then use the information they gathered to impersonate an organization’s vendor. This guise can be so elaborate that the victim might receive an invoice that looks exactly like the one they usually receive within an email that’s worded identically to the usual emails from that vendor.

The cybercriminal may also attempt to impersonate an organization employee, business partner, or government agency. In these fraudulent emails, the cybercriminal will request a change in payment information. Once that payment information is updated and the wire transfer made, that money is then irreversibly lost.

Payment re-direct and business email compromise fraud seen by Blue & Co.

A local not-for-profit was recently the victim of a payment re-direct and business email compromise scheme. In this instance, the cybercriminal hacked into the organization’s IT system and gathered information. After a while, the hacker sent an invoice and a change in payment information request form from an address that appeared to be a vendor’s email. The Controller then submitted the invoice and change in payment information request form to the Executive Director. The Controller quickly received a response back from the Executive Director’s email address instructing him to update the payment information and pay the invoice ASAP.

It was not discovered until after the payment information was updated and the wire sent that the email approving the payment and change in vendor information was not sent by the Executive Director, despite it having come from the Executive Director’s actual email address. In this instance, the not-for-profit lost approximately $300,000.

What went wrong in this situation? First, the not-for-profit’s IT security system was insufficient in that a hacker was able to gain access to their system and go undetected. Second, the not-for-profit did not reach out directly to their vendor via phone call or other offline means to verify the legitimacy of the change in payment information request. Lastly, an unwarranted sense of urgency in an email should raise a red flag and follow-up questions should have been asked offline prior to the payment having been made.

How can this type of fraud be prevented?

  • Enhanced IT security
    • Businesses should ensure they have advanced email filtering solutions that can detect and prevent phishing attempts. Strong firewalls should also be in place. Organizations are often hesitant to invest as heavily in IT security as they should; however, IT security is a necessary investment in today’s business environment.
  • Segregation of duties
    • Changes in vendor payment information should be approved by a second individual at the organization prior to any disbursements being made to that vendor and there should be a segregation of duties between the individual who has the ability to modify vendor information and the individual responsible for authorizing vendor payments.
  • Verify change in payment information requests
    • Organizations should verify all change in payment requests with the vendor via offline methods through a known and trusted communication channel, such as a phone call with the account representative at a vendor. Notably, organizations should avoid using contact information included in an email that requested a change in payment information.
  • Educate employees
    • Organizations should train employees to look out for telltale signs of phishing emails, such as unusual attachments, hyperlinks, and words that imply a sense of urgency. This training should occur at time of hire and at least annually thereafter. Many organizations and companies send fake phishing emails to their employees to gauge their workforce’s ability to detect phishing attempts.
  • Monitor and audit transactions
    • Automated monitoring systems can instantly flag transactions it deems to be unusual, allowing businesses the opportunity to prevent a transaction from being executed before it’s too late. Businesses should also perform a manual review of their check register on at least a monthly basis and investigate any unusual disbursements.
  • Use secure payment methods
  • Develop a disaster response plan
    • Organizations should develop a written process plan that details what steps to take in the event they fall victim to a payment re-direct and business email compromise fraud scheme. Freezing bank accounts, notifying banks and vendors, and investigating how the fraud occurred should be components of the disaster response plan.

How Blue & Co. can help

Blue & Co. has recently formed a partnership with Pioneer Technology, LLC to form Blue Pioneer Consulting. Blue Pioneer Consulting specializes in IT assessments, IT support, cybersecurity, data analytics, and technical professional services.

Please visit https://bluepioneerconsulting.com/ for additional information on how Blue Pioneer Consulting can assist with your IT security needs. Blue & Co. can also perform a review of internal control processes to help ensure internal controls are properly designed and implemented to detect and prevent fraud attempts. Contact your local Blue & Co. advisor if you would like to learn more about these services.

Resources View More Resources

Coronavirus Resources & Information
2019 Year-End Tax Planning Guide
Implementation Guide: ASU 2016-14 Presentation of Financial Statements for Not-for-Profit Entities

Recent Articles View All Thought Leadership

Balloons that read "14" to celebrate 14 years of being named to the Best Employers in Ohio list by Crain's Cleveland

Blue & Co., LLC Named One of the Best Employers in Ohio

September 09, 2024

CARMEL, Ind. (September 9, 2024) – Blue & Co., LLC is honored to be named one of the Best Employers in Ohio by the Best Companies Group. This designation is […]

Learn More
endowment fund

Establishing Comprehensive Endowment Policies

August 28, 2024

By Doug Hasler, CPA, Director at Blue & Co. Whether your organization is considering soliciting donor-restricted permanent endowment contributions as part of a new capital campaign or you already have […]

Learn More

Establishing Comprehensive Endowment Policies

August 28, 2024

By Doug Hasler, CPA, Director at Blue & Co. In the first part of our series on establishing comprehensive endowment policies, we covered endowment creation and investment policy considerations. If […]

Learn More
Subscribe to our newsletters.

Facebook

Members of our healthcare practice traveled to Naperville, IL today to participate in the First Illinois chapter HFMA’s scholarship event. They got to enjoy Topgolf and networking with other chapter members. ⛳️ ... See MoreSee Less
View on Facebook
· Share

Share on Facebook Share on Twitter Share on Linked In Share by Email

Quick Links

AICPA SOC Award Banner for Service Organizations | Blue Button
Blue & Co. Logo

Copyright © 2024, Blue & Co., LLC.
All Rights Reserved.

See All Locations