56% of US companies were targeted by at least one fraud attempt in 2022. A change in suppliers’ credentials — also called vendor fraud — was one of the leading causes of these financial frauds. Read on to find out about vendor fraud examples to watch out for, and what to do to protect yourself.
Trustpair blocks vendor fraud by continuously controlling payments before they’re executed. Any suspicious payment to an unknown vendor is blocked, eradicating the risk of vendor fraud in your organization. Contact an expert to learn more!
1. Invoice fraud
In invoice fraud, counterfeit invoices are sent to and paid by your organization. They don’t match any good or service provided but since they come from a real provider, your accounting team will likely pay them automatically.
That can happen easily without an automated order-to-cash process and proper internal controls by management.
Invoice fraud can be done by:
- A malicious employee in your suppliers’ organizations,
- One of your employees (either low-level or management),
- A mix of both, with your employee helping your supplier’s scheme.
In 2019, a Lithuanian man pled guilty to defrauding Google and Facebook of more than $100M. Through a combination of phishing emails and vendor fraud, he got paid for invoices that appeared to come from the tech giants’ real supplier.
2. Vendor email compromise (VEC)
Vendor email compromise (or VEC) is a variation of Business Email Compromise (or BEC) — both types of cybercrimes.
This fraud happens when your supplier has been compromised. The scenario is similar to your standard invoice fraud, but your unsuspecting supplier has no idea it’s happening.
In this vendor fraud example, your vendors have been hacked and the impostor is the one carrying out the scam. They send an email asking you to change their financial information to “new ones”, which means they’ll receive your supplier’s future payments.
In 2019, a fraudster impersonated the CFO of a real engineering organization under contract with the City of Saskatoon, Canada. The scammer got the city employees to change the bank information on their files, so he received more than $1M when the work was done.
VEC is a type of online fraud, where a third party uses cyber attacks or social engineering techniques to commit wire fraud or other cyber crimes.
3. Fake vendor fraud
In this scenario, fraudsters create a fake or fictitious company and send invoices to your business to be paid.
This requires a lot of research work for the dishonest perpetrators, who need to know who in your company is in charge of procurement, but it’s worth the work.
In 2018, the nonprofit Save the Children lost an estimated $1M from this type of vendor fraud. Cybercriminals sent invoices for a real project they led in Asia, but the company never existed. They were able to leverage insights they got from hacking into an employee’s email account to carry out their scam.
This form of fraud is often linked to employee fraud, as your employees know first-hand your internal processes. They might even be the ones in charge of approving and paying invoices, making this fraud very easy to commit without strong internal controls.
4. Billing fraud
This type of vendor fraud examples is quite common. Billing schemes happen when an employee or a supplier tries to steal money from you by:
- Invoicing you twice. Sending a duplicate invoice means they’ll get paid twice for the same goods or services if you don’t pay attention.
- Inflating their usual price, or charging you for goods or services you never received. They either inflate the price of each item, or the quantity. Overbilling (or overpayment) is a clever and hard-to-detect type of vendor fraud if you don’t have proper controls set up.
It works well for vendors who deal with large quantities, as they assume you won’t have time to account for every one of their products or hours billed. Without strong procurement controls, your vendor may charge you more than what your contract stipulates.
5. Check forgery
Even nowadays, check-tampering is one of the most common vendor fraud examples. It’s a type of internal fraud where your employee tampers with payments destined to your vendors.
In check fraud, scammers use forgery to add their own name to the check before cashing in or create another one under the pretense of paying your supplier. Those schemes happen to businesses whose procurement processes aren’t air-tight.
If they’re working as an accomplice to your vendor, they might tamper with the amount on the check and get a cut out of the difference.
According to our recent study, paper checks were the leading cause of payment fraud. 40% of US companies still use them, making them easy targets for vendor fraud as well as other types of fraud.
Download our latest fraud report for more details about fraud in business!
Vendor fraud in a few words
Vendor fraud is financial fraud done through your suppliers. It’s carried out by a vendor, an employee, or a mix of both working together. In some cases, it’s initiated by hackers who impersonate your suppliers through identity theft or spoofing.
Fraudsters exploit your established relationship with a merchant to get you to approve unauthorized money transactions under false pretenses. They can also try to get access to personal information, sensitive data, or other valuable assets. Vendor fraud can impact many teams in the company (accounts payable, procurement, etc.) and have a significant impact.
The best strategy to detect and prevent vendor fraud
Every company nowadays faces the risk of falling victim to vendor fraud — even small businesses. To protect against fraud effectively, we recommend you set up a few measures in your business:
- Account validation: use the KYS process to verify your vendor’s background and information, and also to control their connection to your employees (to prevent internal fraud).
This needs to be done when you first start working with them and regularly throughout your relationship. Ideally, you want to check your third party’s accounts numbers before every money payment, which is what Trustpair helps you do.
- Segregation of duties: divide your key operations between several employees. For example, one employee is in charge of receiving invoices, a second checks and processes them, and a third approves payment. While this type of internal control makes the process longer, it also makes it more secure against both vendor fraud and internal fraud.
- Trustpair: using anti-fraud software like ours makes your procurement process more secure. Our solution automatically checks your supplier’s bank account in real-time before any payments is sent, ensuring you don’t fall victim to vendor fraud.
We continuously control vendor data. Indeed, we have access to international databases to check vendor data from overseas and use rigorous three-way matching as well as machine learning to detect any fraudulent activity and prevent fraud from happening in your company.
Key Takeaways:
Vendor fraud examples are aplenty! Many schemes exist: fraudsters can be your suppliers, your own employees, or a third party who impersonates them. They divert payment to their own bank accounts. It can take months to detect the fraudulent payment once it’s been processed.
To prevent vendor fraud from happening, you need strong internal processes that integrate anti-fraud software like Trustpair. We help you manage risk on a global scale and will also increase your operational performance thanks to automation. Our services also include detailed financial analytics, extensive customer support, and live warnings in case of a risky situation.