
EGC strives to keep the R&D community informed on financial topics impacting their businesses. Here, we highlight emerging risks from rising payment fraud threats.
By: Aron Josefsberg, MBA, Accounting Senior Manager
Over the past several months, EGC has seen a notable increase in email spoofing and fraudulent payment attempts across our client base.
Today’s fraudsters often impersonate trusted vendors, executives, or internal team members. A common fraud scheme progresses as follows:
- A fraudster spoofs or compromises an email account
- They send a legitimate-looking invoice or payment request
- The message includes updated banking details
- There is often a sense of urgency to push the payment through quickly
Every company—regardless of size—needs a proactive approach to payment verification and fraud prevention.

Common Red Flags to Watch For
- A slightly altered email address or domain
- Changes to banking instructions
- Urgency of payment request
- Unusual tone, formatting, or signature blocks
- Requests that bypass standard processes
- Invoices sent from an email address that doesn’t match prior communications

Practical Steps to Reduce Risk
1. Always verify banking changes offline
Never rely on email alone to confirm updated payment instructions. Instead:
- Call a known contact at the vendor using previously verified information
- Call the bank to confirm the account information
- Document the verification process
2. Strengthen internal controls
- Separate invoice approval and payment execution
- Require secondary review for new vendors or changes
- Confirm first-time payments or exceptions directly with the vendor
3. Standardize vendor management
- Maintain a centralized, verified vendor file
- Limit who can update vendor information
- Implement a formal process for payment changes
4. Train your team
- Provide regular training on spoofing and phishing
- Share case studies
- Encourage employees to question anomalies
5. Use available safeguards
- Enable multi-factor authentication (MFA)
- Leverage banking controls like ACH filters or positive pay
- Use email security tools to flag suspicious domains

What To Do If Something Seems Off
- Pause the transaction immediately
- Contact the vendor using trusted contact information
- Notify your accountant and your internal team
- If funds have been sent, contact your bank immediately

Final Thoughts
Email spoofing and payment fraud are increasingly common risks for small to mid-sized organizations. Even well-established processes can be threatened by sophisticated attacks.
The most effective defense is a combination of clear procedures, strong internal controls, and a culture of verification.
EGC’s accounting team can help assess your current processes and implement safeguards to reduce risk and strengthen your financial controls – feel free to contact us to learn more about how we can support you.
