Don’t Get Taken By Accounts Payable Cyber Crime

Cyber criminals are trying to get you to send them money. Don’t fall victim to this growing scam.

It’s not often that I get to see a cyber crime attempt play out in front of my own eyes, but that’s just what happened during a recent visit to one of Acuity’s customers. What transpired is something that all companies can learn from.

Here’s how the scam works: An email claiming to be from a company officer arrives in the controller’s inbox authorizing payment of an invoice with instructions to wire money to a supplier—often $20,000 to $30,000. The problem? The email is fake, coming from a bogus address that is typically just one letter off from a genuine one. Unfortunately, once the money is wired, it’s gone.
 

That’s just the con I saw go down while visiting a manufacturing client with my colleague Troy. While we were talking to the company’s owner and controller, the controller received an email asking to wire payment of $26,000 to a supplier. The email appeared to come directly from the owner—it even had the owner’s company signature graphic on the bottom!

The controller turned to the owner and said, "I’m right here—why didn't you just tell me to pay this invoice?" The owner claimed to have never seen the bill. We all looked at the email and noticed, while it looked legitimate, there was one wrong letter in the sender’s email address.

Fortunately, this particular crime attempt was averted with the press of the “delete” button, but other companies aren’t so fortunate and fall victim to scams like this. Large corporations receive many invoices each day, and approvals are often transmitted via email. Therefore, it’s especially important that companies are vigilant to this threat. Be sure all email requests are genuine, and advise your staff members who process payments to be alert as well.