payments.corpay.com
45.60.13.233
Public Scan
URL:
https://payments.corpay.com/resources/blog/how-to-identify-a-new-type-of-bec-vendor-email-compromise
Submission: On December 19 via api from US — Scanned from DE
Text Content
HOW TO IDENTIFY A NEW TYPE OF BEC: VENDOR EMAIL COMPROMISE

December 8, 2021

Since businesses began moving to a remote environment at the start of 2020, accounts payable teams have spent a significant amount of time ramping up their ACH payments.
Working from home has made it harder to get payments out to suppliers efficiently and securely. The increased pressure on AP, combined with weak network security and unfamiliar remote workflows, left an opening for fraudsters to take advantage of the chaos.

In the September 2020 edition of the Fraud in the Wake of COVID-19 Benchmarking Report, the ACFE (Association of Credentialed Fraud Examiners) reported that 90 percent of over 2000 respondents had seen increased cyber fraud during the July-August 2020 time period.

A particular subset of fraudulent activity—‘BEC’, or Business Email Compromise—has gained notoriety over the years and is such a large operation that it’s become more of an umbrella term for various attacks. Among these subsets comes the newer term, ‘VEC’, or Vendor Email Compromise.

DEFINING VENDOR EMAIL COMPROMISE

While similar in concept to BEC, VEC focuses more on controlling payments through vendor communication. Bad actors hack into vendor emails or business systems and watch the transaction flow for a while. They collect information on the vendor—anything from invoice structures to personal writing quirks. This later enables them to take over communication without raising suspicion.

Once they’ve identified an opportunity to re-route large ACH payments, they masquerade as the vendor in a spoofed email to the AP team, requesting changes to the account. Depending on the information they’ve collected, these emails can be quite convincing and ultimately, damaging.

In a successful fraud scenario, the bad actor will have convinced AP to re-route funds to their account. Once they retrieve the funds, the bad actors will close the account. Due to the quick nature of ACH payments, the entire heist can take very little time to pull off—often, mere days. By the time the legitimate vendor asks about their missing payment, it’s impossible to retrieve the funds and the buyer is still on the hook for the actual payment.

BUILDING YOUR FORTRESS THROUGH AP INTERNAL CONTROLS

Many AP departments are not prepared to identify sophisticated, calculating cyberattacks like VEC. For decades, they have grown familiar with identifying check fraud. In those cases, enterprises have developed strong internal controls and combined them with their bank’s Positive Pay and Positive Payee capabilities. Now they need to develop the same level of controls for ACH. A comprehensive system would look something like this:

1. Use tools like firewalls, threat monitoring, and multifactor authentication to block attacks on your infrastructure.
2. Put prevention measures in place. Train all new hires to identify malware and phishing attempts, and offer quarterly refreshers to all employees. Have IT periodically send out simulated phishing attacks, so your teams know how to recognize and react to the real thing.
3. Don’t gloss over your validation process. Require multiple levels of verification on all information changes—even (and especially) urgent ones. Use industry-standard tools to validate account information and ownership. Call vendors to validate their update requests using the contact information you already have on file—not the information in the email. If you can’t reach a vendor by phone, mail a letter to the address on file and request they call you.
4. Document your processes and protocols and update them frequently.
5. Never, ever share sensitive data via email.

STAYING VIGILANT AGAINST BEC FRAUD

It’s not surprising if these steps sound like a lot; they are. As bad actors grow more proficient in their fraud attempts, it’s up to business owners to prepare for when they inevitably become a target. This requires a certain amount of imagination—taking the time to think of how a bad actor might infiltrate your business allows you to shore up your weak points before they become a problem. A single successful attempt has the potential to impact not only the bottom line but also your business reputation.
In the end, the best method for protecting your business is staying vigilant and flexible to changes in fraudulent activity, such as the addition of VEC to the BEC fraud category. Expect the unexpected, and it will be much harder to throw you off guard.

AUTHOR
Angela Anastasakis

Angela Anastasakis has more than 30 years of leadership experience in operations and product support. Angela has been instrumental in leading Operations through rapid growth, while maintaining support satisfaction ratings through outstanding service.

© 2022 FLEETCOR TECHNOLOGIES, INC.