Overview
With Ramp’s Bill Pay feature, we make drafting, approving, and paying bills easier than ever. Unfortunately, this convenience can also attract fraudsters who attempt to steal information or money. Understanding the types of fraud associated with bill payments can help you recognize potential threats and take steps to secure your payments.
How to protect yourself
1. Verify payment instructions
- Always confirm payment instructions directly with vendors or suppliers using a verified phone number, especially if account details change.
- Ensure employees have verified the source of the invoice before clicking on links or downloading attachments.
- Use a different channel than the one from which instructions were received (don’t reply to the same email or call back the same number).
- Be wary of urgent payment requests or unusual changes in standard payment practices.
2. Educate employees
- Train staff to recognize phishing emails, spoofed domains, and social engineering tactics.
- Emphasize the importance of verifying invoices and double-checking payment details.
3. Secure communication channels
- Use encrypted email or secure portals to share sensitive information.
- Limit who can access financial systems and payment platforms.
4. Implement multi-factor authentication (MFA)
- Require MFA for all financial accounts, payment systems, and email to add an extra layer of security.
5. Configure an approval policy
- Use this feature to route payments through multiple lines of approval for added security.
6. Utilize the Ramp vendor portal
- The vendor portal streamlines payment management for vendors by providing a central platform to track payment progress, manage receivables, update company details, and maintain bank account information for Ramp Bill Pay transactions.
- This can ensure you are dealing with a legitimate vendor, but use the secure communication channels mentioned above to be certain you are inviting the true vendor.
Types of fraud
1. Vendor Business Email Compromise (BEC)
BEC is one of the most common and damaging types of fraud impacting businesses.
- How it works:
- Fraudsters gain access to the email of a trusted contact, either through phishing or malware.
- It could be the email of your vendor/supplier or your colleague/boss.
- They can:
- Intercept real invoices and modify the bank account details before forwarding the message to the payer.
- Request via email that payment instructions be updated.
- Create fake invoices.
- Payments intended for legitimate vendors are rerouted to the fraudster’s account.
2. Social engineering/phishing
Phishing schemes are common in bill pay fraud. Fraudsters trick users into revealing login credentials or other sensitive information.
- How it works:
- Fraudsters send emails or texts that appear to be from legitimate financial institutions or payment platforms.
- These messages direct users to fake websites designed to capture login credentials or payment information.
- With this information, fraudsters can access accounts and initiate unauthorized transactions or send fraudulent payment requests.
3. Vendor spoofing
Bad actors can impersonate vendors or colleagues and then create, intercept, or manipulate payment instructions to redirect funds to their own accounts.
- How it works:
- The fraudster sends an email from what appears to be a legitimate source, such as a vendor or colleague, but uses a slightly altered email address (e.g., @vend0r.com instead of @vendor.com).
- They request urgent payment (for example, for an unpaid membership renewal) or provide new account details for future invoices.
- These emails often use official-looking logos and professional language to avoid suspicion.
- These emails can even contain fake responses from another trusted source instructing or approving the payment.
- These can also look like a combination of BEC and spoofing if the bad actor creates a similar email address, such as accountsrec@vendor.com instead of ar@vendor.com.
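The altered-address patterns described above can be checked mechanically against the vendor contacts you already have on file. The following is an added example, not Ramp's code or part of the original article; the contact list, the confusable-character map, and the function names are assumptions made for illustration.

```python
from email.utils import parseaddr

# Constructed vendor master data: the contact address on file for each vendor.
KNOWN_CONTACTS = {"ar@vendor.com", "billing@acme-supplies.example"}

# Digit-for-letter swaps commonly used to build a lookalike domain.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})

def skeleton(domain):
    """Fold confusable characters so vend0r.com and vendor.com compare equal."""
    return domain.lower().translate(CONFUSABLES).replace("rn", "m")

def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(from_header, known=KNOWN_CONTACTS):
    """Return (verdict, detail) for the From header of an invoice email."""
    # parseaddr drops the display name, which a sender can set to anything.
    addr = parseaddr(from_header)[1].lower()
    if addr.count("@") != 1:
        return ("invalid", addr)
    if addr in known:
        return ("known_contact", addr)
    domain = addr.split("@")[1]
    known_domains = sorted({k.split("@")[1] for k in known})
    if domain in known_domains:
        # Right domain, wrong mailbox: the accountsrec@ vs ar@ case.
        return ("unknown_mailbox_on_vendor_domain", addr)
    for kd in known_domains:
        if skeleton(domain) == skeleton(kd) or edit_distance(domain, kd) <= 1:
            return ("lookalike_domain", f"{domain} resembles {kd}")
    return ("unknown_sender", addr)
```

A `known_contact` verdict only means the address matches the one on file; in a BEC case the real mailbox is the one being abused, so changed bank details still need confirmation through a separate, verified channel.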
Act quickly if compromised
Notify Ramp Support immediately if you suspect you have sent funds to a fraudulent account. File a complaint with the FBI’s Internet Crime Complaint Center for all confirmed cases.