News

In today’s world, criminals are slipping quietly between the lines of your everyday communication. One trend impacting companies of all sizes involves the interception of business correspondence—both physical and digital—which is then used to carry out highly convincing financial fraud.

The Tactic: Intercept and Imitate

Scammers focus on compromising mail, email, and other communication channels to insert themselves into legitimate business workflows. This tactic often begins with intercepting a single piece of sensitive information—a check in the mail, a vendor invoice, or an internal billing email.

Once a scammer has access to this material, they use it to fabricate fraudulent documents that appear indistinguishable from the real thing:

•Fake checks using legitimate account and routing numbers.

•Forged invoices designed to reroute payments to criminal-controlled accounts.

•Spoofed email threads that trick employees into thinking a payment request is coming from a trusted vendor or internal executive.

This type of fraud is particularly insidious because it blends in with everyday operations. Unlike phishing emails riddled with red flags, these documents and messages look legitimate and timely—often based on real business activity that was compromised.

The Goal: Diverting Funds with Precision

After crafting fraudulent documents, the scammer’s objective is clear: divert funds before anyone notices. In many cases, they’ll impersonate a known vendor or business partner and request payment—often citing a new bank account or billing address. Alternatively, they’ll present counterfeit checks for payment of legitimate goods or services while posing as a company employee.

At First Federal we observe companies that from time to time unknowingly authorize fraudulent payments. These businesses later discover that the money was sent to an illegitimate business and the funds are no longer available. The company still must send funds to the legitimate payee.

The Impact on Businesses

These schemes can cause significant financial and reputational damage:

•Direct monetary losses from unauthorized payments.

•Operational disruption as companies scramble to identify the scope of the breach.

•Erosion of trust between businesses and their vendors or customers.

•Regulatory scrutiny if sensitive customer data was involved.

Small and mid-sized businesses are especially vulnerable, as they may lack dedicated fraud detection teams or robust verification processes.

Detection and Prevention Strategies

To stay ahead of these evolving threats, businesses and banks must adopt layered defenses:

1. Verify Payment Changes Independently

Always confirm any changes to vendor banking information or payment instructions using a trusted contact method—never solely rely on email, mail or an uninitiated phone call.

2. Monitor and Reconcile Accounts Frequently

Regularly check for unexpected transactions, duplicate invoices, or unfamiliar payees. Depending on the payment method, this should be accomplished daily.

3. Use Secure Mail and Email Practices

• Consider switching from mailed checks to secure electronic payments.

• Encrypt sensitive email communications.

4. Train Staff on Red Flags

Educate teams—especially those in finance and operations—on the warning signs of business email compromise and invoice fraud.

Final Thought: Silence is the Scammer’s Ally

Scammers often rely on one more tactic: secrecy. They may even tell victims not to inform anyone about the payment because it's “urgent,” “confidential,” or part of a special process. Business owners that focus on maintaining transparency are more likely to detect and stop fraud before losses are realized.

________________________________________

If you're a business owner, now is the time to strengthen your defenses. These scams aren’t going away—they’re getting smarter, more targeted, and more effective with every intercepted message.