6 Red Flags of Vendor Fraud to Watch Out For

vendor fraud red flags

Last modified on November 9th, 2023

Google and Facebook recently lost over $100M to vendor fraud. Watching out for vendor fraud red flags will protect you against those financial and reputational risks! Keep reading to find out what signs to look for and learn how to efficiently protect your business against vendor fraud.

Trustpair blocks the effect of procurement fraud thanks to ongoing vendor account validation. Our automated and real-time checks mean your vendor data is secure and accurate throughout the payment chain. Request a demo to learn more!

New call-to-action

Red flag #1: There are typos

Did you receive an email that looks a bit weird? You might be a victim of spoofing.

Spoofing is when cybercriminals impersonate someone you know by using an email similar to your original contact.

For instance, one of your employees gets an email from john@amazonn.com (2 Ns) instead of john@amazon.com.

This email (or text) could ask you to update their financial information. In reality, your employee is swapping your real contractor’s details for a hacker’s one.

The same goes for typos in the body of the email, or a change of tone. If something feels off, it’s better to contact your contact through another means to double-check check they’re really the ones who sent the email. Most company employees are targeted by fraudulent emails on a daily basis: it’s better to be extra careful to avoid fraud.


Red flag #2: You don’t know the person

Stranger danger also goes for business! Be wary if you’re contacted by someone you don’t know, even if they come from a government agency. Many fraudsters pretend they’re government or banking employees to access sensitive data easily.

Someone contacting you from “supplier office HQ” out of the blue should also put you on your guard. They might be impersonating a new associate trying to lure you into divulging information that would lead to vendor fraud.

If you have any doubts, ask that any introduction be done through your trustworthy contact. A simple email with them cc’d could put your mind at ease and ensure that you’re not about to fall victim to procurement fraud and fake vendors. Although of course, an elaborate scammer would hack into your contact’s email and include personal details to make you think it’s him/her talking to you.


Red flag #3: it feels urgent

Vendor fraud red flags include anyone contacting you with a sense of urgency. Granted: everyone is incredibly busy these days, and there is a lot of pressure around.

But that’s exactly what scammers count on: you considering this is yet another urgent matter that needs to be solved NOW to put your mind at ease. They want you to override the usual process and fall directly into the trap.

Social engineering attacks use psychology and our innate vulnerabilities to commit fraud. They’ll inform you of a deadline, send reminders with an escalating tone, and include threats to both your job and your organization to get you to act fast.

All of that contributes to a heightened emotional state, which means you’ll be less likely to think about what you’re doing before it’s too late.

Social engineers will for instance send you an email saying that they need an urgent payment (either by wire transfer or credit card) for a late invoice, before escalation.

Red flag #4: The information doesn’t match with your master file

All requests to change your contractors’ payment information should be treated as fraud indicators. Your supplier (or someone impersonating them) could for example ask you to:

  • Update their accounts information because they changed banks or are “undergoing an audit”.
  • Include a link to pay by card for your purchases (which turns out to be a phishing or pharming trick).
  • Send cash or checks as payments for an order of goods or services.
  • Divulge details of a contractor’s contract, elements they can use for a later fraud scheme.
  • Approve “contracts updates” that include higher prices or a higher number of items without being previously discussed.

Be cautious regardless of the reason given. That’s especially true if the name and location of the new financial information don’t match the ones you have on your vendor master file.

Let’s say your vendor John sends you a request to update their credentials. When doing your account validation, you then realize the contractor’s name on the new bank account is different. You ask John, who tells you they’ve opened up a new subsidiary.

This is a sign of vendor fraud — do not wire money to John! Take the time to make extra verifications before deciding how to proceed. If John is really John, he’ll understand the delay and provide the documentation to make it work (and win the bid!).


Red flag #5. Your new vendor wants to skip a step

Supplier onboarding is a crucial step in the Know Your Supplier (KYS) process. Besides being a legal obligation in many countries like the US, it’s also a way to ensure you’re not going to be a victim of vendor fraud.

As such, it should be included as a step in your contract specifications before bids or purchases are made.

If a new contractor is reticent or downright refuses to provide you with the financial information needed, consider this a vendor fraud red flag. You should have limited contact with them and refuse their bids.

Anyone not willing to comply with third-party verification, bank details checks or other procurement details should raise the alarm. That’s especially true if your supplier wants to skip ahead and wants you to make a purchase (a big one!) for goods or services straight away.


Red flag #6: Changes on invoices

Invoice modifications can be a sign of vendor fraud as well. We’re talking about obvious or subtle changes in your invoices like:

  • A logo is pixelated,
  • The address is different,
  • The color is slightly off,
  • There are typos,
  • The numbers are similar to another invoice.

Those are vendor fraud indicators because they suggest that scammers copied original invoices:
Scammers might be trying to pass off their invoices as real suppliers’ ones.
Or they’re sending false inflated duplicates.

In the latter case, it usually happens through internal fraud, with the help of one of your employees, or supplier’s employees.

It’s easy to come up with procurement fraud schemes and send inflated duplicate invoices (one or the other) when you know firsthand the company’s internal processes.

Invoice fraud is sadly quite common: it’s estimated that American companies lose $300,000 from fake invoice fraud each year.

It’s usually helped by internal fraud, as employees or casual personnel can easily:

  • Change orders, purchase orders, contracts, and all supporting documentation.
  • Manipulate inventory to artificially match false purchase orders.
  • Take part in collusion with your vendors, and tamper with the bidding process.
  • Divulge private data to fraudsters.

Vendor fraud includes bid ridding too, where employees (or upper-level management) change the winning bid or facilitate the acceptance of late bids as a first step towards committing fraud. They could also meddle with your accounts payable.


Vendor account validation, the ultimate defense against vendor fraud

Besides knowing vendor fraud red flags, what can you do to protect yourself? The key to efficient protection is ongoing vendor account validation.

While 74% of companies check their vendor data during onboarding, only 20% do it before sending payment campaigns. This is the biggest gap in your procurement process, and it leaves you wide open to scams.

Fraudsters count on the fact that you don’t have the time and resources necessary to check your vendor’s credentials before sending any transaction to commit fraud.

But that was before Trustpair. Our anti-fraud software runs automatic vendor checks in real-time before sending any transactions, so you’ll be protected against vendor fraud even if you miss a red flag. We use pattern recognition and predictive modeling to flag any suspicious outgoing payment — even with overseas suppliers. You can rest easy knowing your vendors are always verified and that your funds always go to their intended beneficiaries. With a 100% success rate with our clients, Trustpair offers complete protection against vendor fraud.


Key Takeaways:

  • You need to be on the lookout for vendor fraud indicators in your business. Anything that looks suspicious should raise the alarm and trigger more verification.
  • Trustpair offers complete protection against vendor fraud. We run continuous checks of your vendor’s credentials so you always know who you’re paying.


A new client refusing to comply with onboarding, typos, changes in invoices, and urgency are some warning signs of vendor fraud.

Account validation means checking your suppliers are who they say they are. No fraudsters can impersonate them and trick you into sending them money, which is how vendor fraud works.

Trustpair provides ongoing account verification. We run automated checks in real time before sending any transactions to your vendors, eradicating the risk of vendor fraud.

We block payment fraud by checking each payment campaign before it’s executed. Suspicious data – unknown vendor bank details, etc – is automatically flagged and a warning is sent in case of risky situations. We help finance and treasury teams as well as procurement departments handle their work with peace of mind.

Manage the risks related to corporate treasury.

Receive our latest news

Subscribe to the Trustpair Newsletter and receive advice every week…
Thanks ! Your subscription to the Trustpair newsletter has been taken into account.

        By clicking on “Subscribe”, you agree to receive the Trustpair newsletter to be informed of news or important information about our services. By subscribing, you agree to our Privacy Policy.

Related Articles