In today’s digital landscape, finance professionals face increasingly complex threats that target their organization’s financial data and systems. A new, highly sophisticated phishing tactic is circulating, and its clever execution makes it exceptionally difficult to detect. Let’s break down how this scam operates, how you can spot it, and how Glean.ai can help safeguard your AP processes.
How the Scam Works
This phishing technique capitalizes on trust and urgency to trick accounts payable (AP) teams into processing fraudulent invoices. Here's how the scam unfolds:
- Fake Email Chain: A fabricated email thread is created to look like an ongoing conversation with a legitimate vendor.
- Illusion of Follow-Up: The phisher builds urgency by making it seem like the "vendor" has sent multiple follow-ups regarding an overdue invoice.
- Fake Colleague Email: To solidify the deception, the email thread includes a fake message from a colleague or executive at your company, explicitly instructing the AP team to process the invoice immediately.
- W-9 Attachment: A fraudulent W-9 form is included to enhance the scam's legitimacy, as these forms are often used in vendor onboarding processes.
- Odd Payment Instructions: The phisher might request payment to an unusual account, such as an outsourced "accounting team," rather than the vendor directly.
How to Spot This Scam
While these scams can be hard to detect, vigilance and strategic precautions can make all the difference. Here are some critical steps your team can take:
- Verify Vendor Information: Always confirm vendor details, especially for new vendors or those with unusual payment instructions. For high-value or atypical transactions, verify payment information verbally with the vendor.
- Scrutinize Invoice Details: Be on the lookout for inconsistencies, like an old invoice from a new vendor or unconventional payment instructions.
- Analyze Email Domains: Carefully check the sender's email address. A mismatch between the domain and the legitimate vendor’s domain, or the use of free email services (e.g., @gmail.com), should raise a red flag.
- Confirm People Exist: If in doubt, verify the sender's identity on professional platforms like LinkedIn. A missing profile, or one that was created only recently, could signal a scam.
- Utilize Spend Analysis Tools: AP software like Glean.ai can automatically flag anomalies such as new vendors, discrepancies in payment instructions, or unusually long gaps between the invoice date and processing date.
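The checks in this list can be expressed as simple rules run against each incoming invoice. The following is an added example, not Glean.ai's code or part of the original article; the field names, the vendor master record, the free-mail list and the 60-day threshold are all assumptions made for illustration.

```python
from datetime import date

# Assumption: a small set of free-mail domains; extend for your environment.
FREEMAIL = {"gmail.com", "outlook.com", "yahoo.com", "hotmail.com"}
MAX_INVOICE_AGE_DAYS = 60  # assumed threshold for an unusually old invoice

# Constructed vendor master record, keyed by vendor name.
VENDOR_MASTER = {
    "Acme Supplies": {"domain": "acme-supplies.example",
                      "bank_account": "111000025-0001"},
}

def sender_domain(address):
    """Return the lower-cased domain part of an email address."""
    return address.rsplit("@", 1)[-1].strip().lower()

def invoice_flags(inv, vendors=VENDOR_MASTER, today=None):
    """Return the list of red flags raised by one invoice submission."""
    today = today or date.today()
    flags = []
    domain = sender_domain(inv["sender"])
    known = vendors.get(inv["vendor"])
    if domain in FREEMAIL:
        flags.append("freemail_sender")
    if known is None:
        flags.append("new_vendor")
    else:
        # Accept the vendor's domain or a subdomain of it; a lookalike
        # such as acme-supplies.example.co does not match.
        if domain != known["domain"] and not domain.endswith("." + known["domain"]):
            flags.append("domain_mismatch")
        if inv["bank_account"] != known["bank_account"]:
            flags.append("payment_instructions_changed")
    if (today - inv["invoice_date"]).days > MAX_INVOICE_AGE_DAYS:
        flags.append("stale_invoice")
    return flags

# Constructed sample submissions: one clean, two suspicious.
SAMPLES = [
    {"vendor": "Acme Supplies", "sender": "billing@acme-supplies.example",
     "bank_account": "111000025-0001", "invoice_date": date(2024, 5, 20)},
    {"vendor": "Acme Supplies", "sender": "ar@acme-supplies.example.co",
     "bank_account": "222000111-7777", "invoice_date": date(2024, 1, 15)},
    {"vendor": "Northwind Accounting", "sender": "Northwind.AR@Gmail.com",
     "bank_account": "333000222-4242", "invoice_date": date(2024, 5, 28)},
]

if __name__ == "__main__":
    for inv in SAMPLES:
        print(inv["vendor"], inv["sender"], invoice_flags(inv, today=date(2024, 6, 1)))
```

Any non-empty result is a reason to hold payment and verify the details with the vendor through a contact already on file, not one taken from the email thread.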
How Glean.ai Protects Your Team
With powerful spend analysis and fraud detection features, Glean.ai helps AP teams stay ahead of these threats. Our platform ensures that new vendors are automatically flagged, runs advanced forensics to identify suspicious changes in payment instructions, and highlights invoices with unusual discrepancies. By leveraging Glean.ai, you can reduce manual oversight, improve accuracy, and safeguard your organization’s financial health.
Stay Vigilant and Act Fast
If you suspect a phishing attempt, report it immediately to your IT security team. Remaining proactive and adopting robust AP processes are the keys to staying one step ahead of fraudsters.
At Glean.ai, we’re committed to helping finance professionals like you protect your organization while streamlining AP processes. Stay safe, stay informed, and let us help you focus on what matters most.