As part of our ongoing commitment to helping clients become more secure and efficient, Paymerang is introducing a learning series highlighting best practices in the world of AP and finance.
For our first installment we are sharing a few tools and exercises leveraged internally at Paymerang to mitigate risk.
According to the 2020 AFP Payments Fraud & Control Survey, 81% of organizations were targets of payment fraud in 2019. This is the second highest percentage of reported fraud attacks/attempts since 2009, with the most often reported source of payments fraud attacks being Business Email Compromise (BEC).
As a result of the Covid-19 pandemic, professionals are communicating via email more than ever and work from home is a common business practice. Unfortunately, the increased digital volume has correlated with an increase in documented fraudulent activity.
Please review the following recommendations from our internal security training programs:
1. Labeling of Externally Generated Emails: A critical tool to combat email phishing is to provide alert banners to your employees identifying all emails that are generated externally from your company. There have been a number of reports highlighting nefarious actors manipulating sender’s email address (i.e. @microsoftt.com) to masquerade as a valid email sender.
2. Alertness for Malicious Links: Links in external emails are often times used to disguise malicious programs that could compromise your network. Before clicking on any links, we recommend your employees verify the sender’s email address along with the URL in the link. Once verified, we recommend copying the link and pasting it into the browser rather than clicking on it the link provided in the email.
3. Awareness of Vendor Impersonations: A popular fraud technique is to masquerade as a vendor and seek to redirect money to a fraudster’s account. One of the many advantages of using Paymerang is that we validate the vendors we pay on your behalf – this highly reduces the risk of being exposed to this fraudulent technique. Please note that since you fund AP batches into a central account at Paymerang, you will not receive any changes to this funding account. If you get a request for a change, please immediately contact your Client Account Manager or contact our Support Team at firstname.lastname@example.org.
We hope that you find these tips useful. Stay tuned for future security awareness steps you can take to keep your business payments secure.