

Vendor Payment Fraud & Business Email Compromise (BEC)
Payment fraud is one of the fastest-growing threats facing businesses today. Two of the most common schemes - Vendor Payment Fraud and Business Email Compromise (BEC) - can cost companies millions of dollars each year.
What Is Vendor Payment Fraud?
Vendor payment fraud occurs when criminals impersonate a vendor your business regularly pays and request changes to payment instructions.
They may contact you by:
- Phone
What Is Business Email Compromise (BEC)?
BEC is a broader scam where criminals manipulate email communications to trick employees into sending money or sensitive information.
Common examples include:
- A vendor sending “updated” payment instructions
- A boss requesting urgent payment
- Requests to purchase gift cards
- Fake wire instructions from title companies
These messages appear legitimate - but are fraudulent.
How Criminals Trick You
Scammers use increasingly sophisticated tactics:
- Spoofed email addresses that look nearly identical
- Access to real email threads via malware
- Social engineering and urgency to pressure for quick action
- Public or stolen information to appear credible
The #1 Way to Prevent Fraud: Always Verify Payment Instructions by Phone
Best practice:
- Call the vendor using a known, trusted number
- Do not use phone numbers or links provided in the request
- Confirm account details verbally with a verified contact
Even if the email looks legitimate, it could be compromised.
Warning signs to watch for:
- Requests to change payment instructions
- Urgent or pressure-filled messages
- Slight changes in email addresses
- New or inconsistent contact details
These are often indicators of fraud.
Best Practices to Protect Your Business
- Require dual approval for payment changes
- Implement multi-factor authentication (MFA)
- Train employees on fraud and phishing
- Avoid clicking links or attachments from unknown sources
- Verify all changes using a second method (out-of-band)
- Monitor accounts for unusual activity
What To Do If You Suspect Fraud
Act immediately:
- Contact your bank
- Attempt to stop or recall the transfer
- Report the incident to the FBI’s Internet Crime Complaint Center (IC3):
https://www.ic3.gov