"Amid the flood of emails, one message stands out: a trusted supplier is updating their bank account details and needs the change made before the next payment run. The request looks completely legitimate - the supplier's logo is there, the email address looks right, and the message mentions an ongoing order for lab equipment. Pressed for time, the AP specialist enters the new bank account details and moves on."
"Two weeks later, the supplier calls asking why payments have stopped. Only then does the team realize that they've been sending thousands of unrecoverable dollars to a fraudster. What seemed like a simple "to-do" has turned into a crisis that could have been avoided with stronger practices for verifying bank account change requests. Why phony bank account change requests are harder to detect At first glance, bank account change requests don't seem like a major risk - after all, suppliers update their details all the time. But fraudsters have learned that AP departments, especially in healthcare, are often stretched thin, with limited bandwidth to double-check updates. This makes bank account change requests a prime attack vector. They're routine enough to avoid raising suspicion, but if successful, can reroute funds straight into a criminal's account."
Healthcare accounts payable teams often receive routine supplier bank-account change requests that fraudsters exploit to reroute payments into criminal accounts. Overworked AP staff with limited time and verification capacity are particularly vulnerable to requests that mimic legitimate supplier communications. Attackers use spoofed or compromised email addresses, correct logos, formatting, and writing style to bypass basic detection methods. Traditional cues like typos no longer reliably indicate fraud. Successful scams can halt legitimate payments and cause significant unrecoverable losses. Implementing robust verification procedures and explicit confirmation steps for bank-account changes reduces the risk of diversion and financial crisis.
Read at MedCity News
Unable to calculate read time
Collection
[
|
...
]