Vendor Impersonation

Criminals impersonate legitimate vendors by using compromised (hacked) or spoofed email accounts to send fraudulent invoices or payment instructions, tricking victims into believing they are paying genuine suppliers. This social engineering tactic commonly targets accounts payable processes and exploits familiar supplier relationships, such as those in government, academic institutions, and large-scale construction or renovation projects, to divert payments into attacker-controlled domestic or foreign bank accounts. Attackers may layer the stolen funds through multiple intermediary beneficiaries, relying on urgency or familiarity in the payment request to evade scrutiny and complicate tracing.
Tactics
By deceiving businesses into transferring payments to fraudulent accounts, criminals directly generate illicit proceeds from the victim's finances.
Risks
Exploits email-based or non-face-to-face communication channels that have weak identity verification or insufficient procedural oversight.
Indicators
- The account receiving the payment is newly opened or has minimal transaction history.
- A vendor's contact details are updated without verification through established internal procedures.
- Payment instructions are altered solely via email communications, without confirmation through official channels.
- Emails request urgent payment in a manner that bypasses or discourages typical verification procedures.
- Payment instructions are received from an email domain that differs from the vendor's official domain or is nearly identical but with minor variations (typosquatting).
- High volume of small payments to new or recently changed vendor accounts.
- Communication regarding payment details is conducted through email only, with no follow-up via other established communication channels.
- A sudden change in payment account details for a known vendor without prior notice or verification.
- Requests for immediate payment that deviate from the vendor's typical billing cycle or payment terms, imposing an unusual sense of urgency.
- Emails containing payment instructions have slight spelling or grammatical errors atypical for the vendor.
- Invoices contain slight variations in vendor names, addresses, or bank account details compared to previous invoices.
- Payments are directed to bank accounts in jurisdictions different from the vendor's usual location.
- Frequent changes in vendor contact details, such as email addresses or phone numbers, without formal notification.
- Communication from vendors uses free or generic email domains instead of their official domain.
- Shortly after receiving a fraudulent vendor payment, funds are rapidly dispersed to multiple unrelated accounts across different banks or jurisdictions with no legitimate business justification.
Data Sources
- Maintains official contract terms, historical invoice records, and payment instructions.
- Enables direct comparison of past and present invoice details (e.g., vendor names, addresses, bank account information) to detect subtle discrepancies indicative of impersonation.
- Supports verification of legitimate versus fraudulent invoices in accounts payable processes.

- Provides comprehensive records of financial transactions, including timestamps, amounts, origin and beneficiary account details, and references.
- Detects suspicious changes in vendor payment instructions or unusual layering and funneling of stolen funds.
- Helps reveal anomalies in payment patterns consistent with vendor impersonation.

- Contains detailed information about new or existing beneficiary accounts, including ownership, account opening date, and balance history.
- Identifies accounts with minimal or inconsistent transaction histories, suggesting potential fraudulent usage.
- Helps confirm whether a receiving account is genuinely associated with the legitimate vendor.

- Stores verified vendor data, including official contact details, authorized signatories, and beneficial ownership.
- Monitors updates to vendor profiles and triggers internal checks to validate the authenticity of changed contact information.
- Enables swift verification of vendor identity before processing payments to prevent impersonation.

- Captures metadata (and, where permissible, content) of electronic communications such as emails, phone calls, and messages.
- Verifies whether instruction changes were made solely via email or from suspicious domains.
- Identifies urgent payment requests, domain mismatches, or typosquatting indicative of vendor impersonation.

- Tracks the geographic origin and destination of financial transactions, covering both domestic and cross-border movements.
- Detects shifts in vendor payment routes or payments to atypical jurisdictions inconsistent with the vendor's usual operations.
- Helps flag potential higher-risk regions for closer scrutiny when a vendor's account details suddenly change.
Mitigations
Configure monitoring rules to flag first-time payments or recent changes in vendor banking details, particularly for new accounts with minimal transaction history. Automatically alert compliance teams about last-minute changes, unusual jurisdiction shifts, or payment amounts inconsistent with past vendor billing patterns.
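The monitoring rules above, together with the indicators listed earlier, as an added Python example that is not part of the original page: it screens one outgoing payment against the vendor master record and returns the indicator codes it triggers. The vendor and payment records, the thresholds (30 days for a recent detail change, 90 days for a new beneficiary account, 3x the historical median amount) and the similarity cut-off used to spot lookalike domains are assumptions.

```python
# Added example, not from the original page: rule-based screening of one vendor
# payment against the vendor master record. All vendor and payment data are constructed.
from dataclasses import dataclass
from datetime import date
from difflib import SequenceMatcher
from statistics import median

@dataclass
class Vendor:                 # vendor master / KYC record
    domain: str               # official email domain
    iban: str                 # bank account on file
    country: str
    iban_changed_on: date     # last update to payment details
    past_amounts: list        # historical invoice amounts

@dataclass
class Payment:                # outgoing payment plus the email that instructed it
    iban: str
    country: str
    amount: float
    sender_domain: str
    account_opened_on: date   # beneficiary account age, from account records
    paid_on: date

def lookalike(a, b, threshold=0.85):
    """True when two domains differ but are near-identical (typosquatting)."""
    return a != b and SequenceMatcher(None, a, b).ratio() >= threshold

def screen_payment(p, v, recent_days=30, new_acct_days=90, ratio=3.0):
    """Return the indicator codes this payment triggers; an empty list means clean."""
    flags = []
    if p.iban != v.iban:
        flags.append("ACCOUNT_MISMATCH")        # instructions differ from master data
    elif (p.paid_on - v.iban_changed_on).days <= recent_days:
        flags.append("RECENT_DETAIL_CHANGE")    # first payment after a detail change
    if (p.paid_on - p.account_opened_on).days <= new_acct_days:
        flags.append("NEW_BENEFICIARY_ACCOUNT")
    if p.country != v.country:
        flags.append("JURISDICTION_SHIFT")
    if lookalike(p.sender_domain, v.domain):
        flags.append("TYPOSQUAT_DOMAIN")
    elif p.sender_domain != v.domain:
        flags.append("DOMAIN_MISMATCH")         # e.g. a free/generic email domain
    if v.past_amounts and p.amount > ratio * median(v.past_amounts):
        flags.append("AMOUNT_OUTLIER")
    return flags

# Constructed sample: the vendor on file and a payment instructed from a lookalike domain.
ACME = Vendor("acme-build.example", "GB00ACME0001", "GB", date(2023, 1, 10), [4200, 4500, 4100])
SUSPECT = Payment("LT00NEWACCT9", "LT", 14900.0, "acme-bui1d.example", date(2024, 4, 20), date(2024, 5, 2))
```

Any non-empty result is a hold-and-escalate signal for the accounts payable team, to be cleared only through the out-of-band verification described in the next mitigation.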
Conduct periodic authenticity checks on vendors, verifying legitimate business registration and official contact points. Investigate any abrupt modifications to official email addresses or payment account details, and stipulate contract clauses mandating notification of updated banking information through multiple, verified channels.
Enforce mandatory out-of-band verification for any changes in vendor payment instructions or contact details, requiring staff to confirm alterations through verified phone calls or in-person channels. Cross-check new information against existing vendor records before finalizing payments to intercept fraudulent requests.
Provide specialized training for accounts payable and finance staff to identify impersonation indicators, such as email domain mismatches, sudden unfamiliar urgency, grammatical inconsistencies, or out-of-cycle payment requests. Instruct staff to pause and escalate any invoice or payment instructions that deviate from established norms.
Educate corporate and SME clients on common vendor impersonation tactics by providing specific examples of spoofed email domains, invoice tampering, and payment diversion attempts. Encourage them to establish clear internal checks for any unexpected invoice changes, confirm via official phone channels, and maintain consistent oversight of supplier details.
Instruments
- Criminals impersonate a recognized vendor and instruct victims to route payments for legitimate invoices into attacker-controlled bank accounts.
- Because bank accounts can be opened under false or straw identities and quickly dispersed across multiple jurisdictions, criminals can layer and move stolen funds before the fraud is detected.
- The familiarity of routine vendor payments reduces scrutiny, enabling attackers to receive and funnel illicit proceeds in a manner that appears as normal business transactions.

- Attackers generate or alter invoices to display fraudulent bank details, ensuring victims believe they are settling legitimate balances.
- By diverting these invoice-based payables, criminals transform the victim's normal vendor obligations into direct illicit proceeds.
- The invoice format exploits routine accounts payable processes, making it appear as an ordinary settlement rather than a suspicious payment.
Service & Products
- Attackers manipulate invoice workflows, inserting or amending invoice details so victims settle payments to the criminal's account under the assumption they are genuine vendor invoices.
- Automated invoicing systems can be exploited if security checks are bypassed, leading to successful redirection of funds to fraudulent accounts.

- Criminals send fraudulent invoices through spoofed or compromised vendor emails, prompting victims to pay via legitimate payment processors but directing funds to attacker-owned accounts.
- Once the payment is approved, the criminals quickly transfer or withdraw the money, making recovery difficult and detection delayed.

- Fraudsters may open or control ordinary business accounts to receive payments intended for legitimate vendors.
- They disguise the transfer as a routine settlement of invoices, causing unsuspecting payers to send funds into these fraudulent business accounts.

- Attackers provide fake or updated wire instructions under the guise of a legitimate vendor, diverting payments into their own accounts.
- Wire transfers often settle quickly, allowing criminals to move or disperse funds before the fraud is discovered.
Actors
Cybercriminals knowingly orchestrate vendor impersonation by:
- Using compromised or spoofed email accounts to trick victims into sending payments to attacker-controlled accounts.
- Exploiting trusted vendor relationships and urgency in payment requests to bypass scrutiny.
- Rapidly layering or dispersing the stolen funds through multiple accounts, complicating financial institution monitoring and traceability.
Businesses are unwittingly exploited when they receive and pay fraudulent invoices, assuming they are from legitimate suppliers. These payments are typically routed through standard accounts payable processes, unknowingly sending funds to attacker-controlled accounts. Financial institutions may initially view such payments as routine, delaying detection.
Legitimate suppliers or distributors are unwittingly exploited when attackers spoof their email accounts or communications. This deception leverages the existing trust between the vendor and payer, leading financial institutions to process these transactions as normal settlements without immediate suspicion.