Fraudsters are as creative as ever. Recently, I was told a story of fraud that resulted in more than $750,000 being paid to some very resourceful bad guys. You wouldn’t think this scheme could be successful with controls that are in place, but this one had a twist. This case didn’t happen due to the current environment (COVID-19) – it could’ve happened anywhere, at any time, to any organization. This is a story that I believe everyone can benefit from.

A few months back, a supplier’s entire network, including their ERP system, was compromised by hackers. They didn’t hold it for ransom or share salacious emails with the tabloids. What they did was quietly download customer and transaction information, being careful to not raise any flags.

The fraudsters then sent out emails to the supplier’s customers targeting Accounts Payable, asking simple questions about open invoices. They posed as the supplier’s Controller and utilized the company’s email so no one would suspect anything was awry. Accounts Payable received an email that appeared to originate from the supplier’s Controller asking questions such as “I see this invoice is due, have you paid it yet?”  “Do you need copies of these invoices?”.

A New Spin on a Known AP Fraud Scheme

Once the fraudster established an ongoing conversation with the Accounts Payable department, they simply asked for the banking information to be changed. Due to repeated email conversations with the same person, a level of trust was formed, and the change was made without hesitation. Keep in mind, processes were in place to avoid this exact type of fraud, but because valid information was flowing, with what was thought to be a legitimate person with the supplier, someone let their guard down.

The result was banking information was changed as directed by the fraudster Controller. Multiple payments were made via ACH – over the course of several months, at a cost of $750,000!! Quite possibly this went unnoticed for as long as it did due to the change that occurred pre-COVID-19, and during the adaptation to the remote working environment.

We all have relationships with our vendors, sometimes exclusively over email, so no one is immune. We must be diligent and follow all established protocols, even if we are sure we are communicating with a trusted source. These internal controls are designed to not only have checks and balances, but to protect against fraud. Circumventing these controls – working around them, leaves the company exposed to huge financial losses.

Vigilance is Required

As our defenses get better, so will the fraudster’s scams. Bad actors look for ways to exploit vulnerabilities in processes. They work very hard to penetrate companies from all angles; they are smart, and they are clever. They create complex schemes to facilitate fraudulent activity. They will run the same scam thousands of times looking for that big payday. Many of the schemes include influencing people to work around internal controls by developing relationships, threatening to put the company on credit hold, and currently in the COVID-19 work environment – capitalizing on the remote worker.

Regular communication with your team and with your peers at other companies (through trade and other associations) will help to reinforce the controls in place and keep everyone mindful of the endless potential for fraud. Share your experiences and learn from others some have learned the hard way. Work with your teams and corporate partners to share experiences and to maintain awareness to potentially fraudulent activities.

Most of all, abide by your established internal controls. Fraudsters succeed when the process is bypassed. While adhering to processes might be inconvenient, or you don’t want to offend someone – you are quite possibly the last line of defense in the fight against fraud.

While this scheme was very complex in its execution, an Accounts Payable Recovery Audit can identify process breakdowns – work arounds – that could be costing your organization millions of dollars.

Contact Us to Discuss Your Risk



SAS Insights

August 15, 2023

Strategic Audit Solutions, Inc. Promotes Recovery Audit Industry Veteran Larry Crawley to Chief Technology Officer

Freehold, NJ – August 9, 2023 Strategic Audit Solutions (SAS), an industry-leading multi-vertical recovery audit firm, is pleased to announce the promotion of Larry Crawley as Chief Technology Officer, effective […]

Continue Reading
July 26, 2023

Your Supplier Is Not the Enemy

Critical Supplier Relationships and Audit Guidelines In any Accounts Payable Recovery Audit, a crucial but often abused component is the protection of the critical relationship clients have with their suppliers.  […]

Continue Reading
Strategic Audit Solutions rebranding press release
July 17, 2023

Strategic Audit Solutions Unveils Rebranding Initiative, Introducing a Fresh New Look

Freehold, NJ – July 14, 2023 Strategic Audit Solutions (SAS) proudly announces the completion of its highly anticipated rebranding effort, a project that has been in the works for over […]

Continue Reading
Press release for new hire
April 5, 2023

Strategic Audit Solutions, Inc. Appoints Multi-Industry Veteran Chris Mindenhall as Chief Innovation Officer

With over 20 years in data analytics, recovery audit, and supply-chain transformation, Chris will head up our Transformation Office and Innovation Lab with an initial focus on the retail industry […]

Continue Reading


We will answer all your questions.