This pains me greatly because the losses associated with it can be quite large, and every company, regardless of size, whether you're large or small, is vulnerable. That's why I'm devoting this sound bite to what some might consider a sliver of an issue, but one that is wreaking havoc across the business landscape. Welcome to Accounts Payable Soundbytes, the program where we share tips and explain simple and complex accounts payable issues in short, concise sound bites. Now let me start off by explaining how the fraud works and why it is critical every organization adopt best practices, even though, against my better judgment, I'm going to share what I consider an almost best practice, because those of you who bought my book, 127 Best Practices, know that I usually offer an alternative if, for whatever reason, your organization is not willing to use the best practice. But let me beg you, if I will, because I hate to see what happens in some organizations when they get hit: let me beg you to adopt the best practice, even though it can create a little extra work. Okay, before we get started, let me tell you how the fraud works. The crook, using a variety of methods (and I'll talk a little bit about that), sends an email to usually the accounts payable department. They try and identify the person responsible for the master vendor file. They impersonate a vendor and they're really good at it. Well, some of them are really good.

Some of them stink. You probably have seen some of the bad emails, but most of them are really good at impersonating the vendor, and they just say something like, you know, "We had to close our own bank account." They may give a reason, they may not; it doesn't really matter. This happens all the time. "And here's our new bank account number. Can you please send future payments there?" Now, if we went back a few years, before all this craziness started, you would have just accepted that, made the change, and started paying the new account. But you cannot do it, because crooks have gotten really good at spoofing emails. They buy URLs that are very close to your vendor's URL. It may be off one letter. They may have bought a URL, for example, if they had the letter m, a small m like Mary, in it, they'll buy the same URL except instead of the m it will have an r and an n, and if you're not looking closely, that rn looks an awful lot like an m. Anyway, they've got a whole bunch of techniques, and they send you an email requesting that you make this change. Okay, now before I go through what the best practice is, I'd just like to take a moment and invite you to subscribe. It's completely free, it's private, and you can unsubscribe anytime. And if you're watching on YouTube and you ring that bell next to the subscribe button, you'll be notified whenever we post new AP content, which we do two or three times a week. And by the way, on YouTube, to subscribe you don't need a YouTube account; you can go ahead and do it if you just have a Gmail account.

All right, so what's the best practice? Best practice is: you get one of those emails, and you pick up the phone and you call the vendor and you verify that the request came from them and they really want you to make this change. Now, this means that you need to keep up-to-date information in the master vendor file. If you don't (and I know some companies that do this anyway, regardless of whether they have the information, the master vendor file), they go to the website, the company's website, and they get the general number and they call the main switchboard, and then they are transferred from person to person until they get to the person in accounts receivable, billing, perhaps treasury, who can confirm that yes, this is a legitimate request. Now, I had conversations with controllers who complained to me, and they said, "We really have to do that? We call up and every single time the answer is yes. Yes, that request really did come from us." And my answer is: yeah, you really should do that, because one fraud (and I know cases where it's happened), one fraud, and you can see two million dollars go out the door. A lot of money. So, yes, you have to do it. Yes, it's extra work. Yes, if you're a large enough company, you might even have to add staff. But think about this: if you've started an automation project, maybe have a little extra resources in your AP staff.

Maybe have somebody who's free like half a day a week or something, and they can take this on. But really, please, please, please do it, because it's devastating when it goes wrong. So, I promised I'd share an almost best practice, because that's what I do in 127 Best Practices, and I realize that sometimes companies, for whatever reason, can't use the best practice. If you're going to use an alternative practice, be aware that really, really smart crooks, if they've infiltrated your supplier's ERP system and emails, may be able to get this information. But an alternative is to ask the person who's making the request to give some information that in theory only the vendor would have. So you might ask them: what were the last three payments that they made? What was the old bank account number that they're closing? What were the last three invoice numbers? This will help you avoid having to make the phone call, and, of course, if you get no response, that might be a clue that there was a problem. But really, nothing beats picking up the phone and calling. Okay. This is another variation, if you will, on those rush wire transfer requests. And just to talk for a moment about worst practices, because I do that: I want to call out the worst practices, so hopefully you're not using them. And if you are, stop. Okay, but the worst practice is to do nothing, to just accept those emails at face value, because yeah, 99 out of 100 are going to be fine, they're going to have come from your vendor, but that one email that came from a crook can cost your organization millions and millions of dollars.

I saw one story in the paper: the fraud was for 750,000. It was a smaller company and they were able to stop it, and the president said, "Thank God we caught this, because if we had paid this money out, it would have meant we had to lay people off." Okay, in that organization, that amount of money, that's how serious it was. To show you just how crafty some crooks are, we've created a quiz: Can You Spot the Phony Email Address? It's in a sound bite on YouTube, and if you're watching on YouTube, a link will appear to the left; otherwise go to YouTube and search for the AP Now podcast. We'll also include a link in the show notes to that particular quiz. And remember, I really do appreciate those thumbs up, those shares, subscribes, and comments.
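
The lookalike addresses described in the talk (a vendor URL that is off by one letter, or that has an r and an n where the vendor's has an m) can be screened for when a bank-change email arrives. The Python below is an added example, not part of the original talk; the vendor domains, sender addresses and the list of confusable letter groups are constructed assumptions.

```python
# Added example: screen the sender of a bank-change email against the
# domains already on file in the master vendor file.
# All domains and addresses here are constructed sample data.

# Letter groups that read alike at a glance (illustrative, not exhaustive).
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("cl", "d"), ("0", "o"), ("1", "l")]

VENDOR_DOMAINS = ["summitmetals.example", "acmepaper.example"]


def skeleton(domain):
    """Collapse look-alike letter groups so 'rn' and 'm' compare equal."""
    s = domain.lower()
    for fake, real in CONFUSABLES:
        s = s.replace(fake, real)
    return s


def edit_distance(a, b):
    """Levenshtein distance: inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(sender, vendor_domains=VENDOR_DOMAINS):
    """Return (verdict, vendor_domain) for the sender's email address."""
    domain = sender.rsplit("@", 1)[-1].strip().lower()
    if domain in vendor_domains:
        # The domain is on file; that alone does not prove the request is
        # genuine, so the phone call to the vendor still applies.
        return ("match", domain)
    for known in vendor_domains:
        if skeleton(domain) == skeleton(known) or edit_distance(domain, known) <= 1:
            return ("lookalike", known)
    return ("unknown", None)


if __name__ == "__main__":
    for addr in ["billing@summitmetals.example", "billing@surnmitmetals.example",
                 "ar@acmepapers.example", "ap@northwind.example"]:
        print(addr, classify(addr))
```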


