
- Membership
- Certification
- Resources
- Events
- Community
- About
- Help
As fraud schemes grow more sophisticated, conventional safeguards are often bypassed. During the last 90 days there were four fraud scams that highlight that not only do fraudsters know your traditional controls to fight fraud, but that their tactics have evolved to overcome them. Bypassing email red flags, your bank’s fraud prevention tools, or your ability to determine whether it is your leadership on a video call are just three examples of those scams.
Fraudsters Can Bypass Email Red Flags by Accessing Legitimate Email Accounts
Relying on accounts payable or vendor team members to catch fraudulent emails just by reviewing them for red flags has always been risky, if only because of the volume of emails they receive. Worse, fraudsters no longer have to use spoofed techniques to remove those red flags because they are sending emails from within your vendor’s or internal team members’ actual email account. This article from Help Net Security from August of 2025 explains how fraudsters get access to email credentials.
Fraudsters Can Bypass Fraud Prevention Tools Provided By Your Bank
Bank Account Ownership Validation
Traditional remittance validations can also fall short. Measures like Bank Account Ownership Validation (BAOV) are not absolute protection. Fraudsters can successfully bypass BAOV by providing similar vendor information including Account Name, Address, and Taxpayer Identification Number (TIN) to establish a new bank account. When this information is given for a vendor banking change, it will validate because it is a real account with information that matches your vendor. The New York Post reported in August 2025 that a fraudster opened a fraudulent bank account in the name of the vendor being paid:
Positive Pay
Using the same technique of opening bank accounts can also allow fraudsters to bypass positive pay by not having to alter the check at all, leaving the data verified by positive pay (check number, amount and payee) unchanged. Fraudsters obtain checks payable to a legitimate entity (e.g., “AlphaBeta LLC”), registering a new business with the same name in a different state, and opening a new deposit account into which the stolen check is deposited. This fraud technique is explained in a download from the Federal Reserve’s check fraud mitigation toolkit:
Do you know your bank’s recovery window for payments? While most banks have a 48-72 hour period for ACH payments and a 30-day recovery period for checks, they can differ by bank. Verify with your bank and implement a process to confirm receipt of payment based within those timelines.
Deepfake images, audio, and video pose fraud risks. Fraudsters continue to be successful with deepfake videos with a recently reported loss of $300K when a victim jumped on a call with their “finance director” only to learn the next day that it was not. And fraudsters are getting bolder, expanding to the legal system. The $300K was reported by South Africa’s Travel News by a speaker at conference, while Frank on Fraud reported that a fraudster attempted to give a fraudulent testimony during a court hearing via video:
Conclusion
Fraud tactics are evolving rapidly, bypassing traditional safeguards that result in payment fraud. Organizations must do the same and adopt updated strategies to combat these tactics. Implementing authentication, payment receipt confirmation calls and gesture verification are a start to avoid fraudulent payments. Continued adaptive fraud prevention processes remain the strongest tool against increasingly sophisticated fraud schemes.
Resources:
What are you waiting for?