Vendor Info Change Request: A Fraudster’s Favorite Gateway to Your Company’s Finances

Why It Matters: 

Enterprise organizations manage a high volume of invoices and payments each month through complex, largely manual processes. Disconnected operations and siloed technologies further hinder visibility and coordination across departments. A simple vendor information update could be your company’s biggest security vulnerability

Like everybody else, cybercriminals use AI tool too, to impersonate vendors and executives, making it harder than ever to verify legitimate change requests.

‍By the Numbers:

• 80% of organizations were victims of payments fraud attacks/attempts in 2023 says the 2024 AFP Payments Fraud and Control Survey Report

• The FBI reported $2.9 billion in losses from BEC in 2023

• According to the Association of Certified Fraud Examiners, a typical organization loses 5% of its revenue to fraud, with the average loss totaling more than $1.78 million

The Big Picture: 

Traditional verification methods are failing against advanced AI-driven fraud attempts.

How It Works: 

Traditional verification processes typically involve contacting and/or calling the vendor to confirm the change request.

‍

The Problem: 

These methods are increasingly vulnerable to Business Email Compromise (BEC), AI-generated voice clones, deepfakes, and hyper-realistic phishing attempts.

Here’s how fraudsters are using these technologies:

1. Business Email Compromise (BEC): Attackers impersonate executives or trusted partners via email, often using AI to craft convincing messages that mimic writing styles and your company jargon. They create urgent scenarios to pressure employees into transferring funds or sharing sensitive information.

2. AI-generated voice clones: Using as little as a 3-second audio sample- usually found online on YouTube or LinkedIn- fraudsters can create synthetic voices that sound like executives or employees. They use these in phone calls to authorize fraudulent transactions or request sensitive data.

3. Deepfakes: Advanced AI techniques create highly convincing fake videos or audio recordings of real people. These are used to add credibility to the requests, often in combination with other tactics.

4. Hyper-realistic phishing: AI-powered tools craft personalized, context-aware messages that are extremely difficult to distinguish from legitimate communications. These often include accurate details about the company and ongoing projects to increase believability.

What’s Next: 

Finance teams must leverage advanced AI-powered tools to enhance verification processes providing key capabilities like:

• Pattern Analysis: Leverages AI models to identify anomalies in change requests based on sender, timing, frequency, vendor details and content.

• Real-time Fraud Detection: Instant risk scoring prioritizes high-risk cases for immediate review.

• Continuous Learning: Machine learning models adapt to evolving fraud patterns.

• Multiple data points: Cross-references requests with other data sources-ERPs, finance systems, trusted vendor database, for legitimacy.

• Automated Workflow Management: Streamlines verification process and escalates suspicious requests.

• Audit Trail and Reporting: Provides comprehensive logs for compliance and incident analysis.

As fraudsters use and leverage AI, companies must fight fire with fire and can’t rely on manual controls any longer. Adopting new generation AI-powered verification tools is crucial for maintaining financial security and avoiding significant losses.

‍

The Bottom Line: 

As fraudsters use and leverage AI, companies must fight fire with fire and can’t rely on manual controls any longer. Adopting new generation AI-powered verification tools is crucial for maintaining financial security and avoiding significant losses.

‍