Accounts payable fraud is on the rise, and businesses need to stay ahead of the latest threats. In this episode of the Fraud Fighters podcast, host Debbi Fetter, Partner and Managing Director of our Risk Management practice, and Lyle Loeb, Partner, break down the newest fraud schemes—from AI-driven invoice scams to payment diversion tactics and employee reimbursement fraud.
Tune in to learn essential strategies to protect your organization’s finances and prevent costly fraud risks.
Debbi S. Fetter: Hello everyone and welcome to another episode of the Herbein Conversation series, Fraud Fighters, where we dive into some of the most pressing issues in the modern workplace. I'm Debbi Fetter, Partner and Managing Director of our firms risk management practice and your host of the Fraud Fighters podcast series - your go-to podcast for the latest in fraud and cyber tips and trends.
Joining me today is my colleague and fellow fraud fighter Lyle Loeb, a Partner in our risk management practice. Welcome, Lyle.
Lyle L. Loeb: Thanks for having me, Debbi. It's great to be here. Accounts payable fraud is a growing issue and I'm excited to discuss how businesses and individuals can protect themselves.
Debbi S. Fetter: Then let's get started with the basics. What is accounts payable fraud and why should businesses and individuals alike be concerned?
Lyle L. Loeb: Accounts payable fraud involves any fraudulent activity that targets a company's payable or accounting department, which is responsible for paying suppliers, vendors, and even employees. This type of fraud can be committed internally by an employee's misconduct, externally by vendors, or even by outside parties looking to exploit the system via cyber fraud. It's a major concern because it can lead to financial loss, compliance violations, and reputational damage. Individuals can be caught in this vicious fraud cycle, too, as their accounts may be affected.
Debbi S. Fetter: Interesting. I know our risk management team has witnessed and investigated an increase in accounts payable fraud over the past year. Can you tell us about some of the latest accounts payable fraud schemes that companies should be aware of in 2025?
Lyle L. Loeb: Absolutely. Fraud is constantly evolving and we're seeing some sophisticated schemes. Here are some that I've recently have run into.
AI driven invoice fraud - this is where the scammers are actually using AI to make convincing fake invoices. This one can involve deep fake phishing scams where fraudsters use AI to create realistic images, videos or even audio to impersonate executives or vendors to authorize those fraudulent payments.
Another one is a payment diversion scheme. Hackers intercept legitimate invoices and alter payment details to defer funds to their accounts. This may be via check tampering, wire or ACH fraud.
Another one is employee reimbursement fund. This is where employees exaggerate or falsifies expenses, or even having setting up ghost vendors that are paid fraudulently as well.
Then there's finally third party risk, where fraudsters exploit cyber vulnerabilities and 3rd party vendors to gain access to a company's accounts payable system and send out fictitious invoices to unsuspecting businesses and individuals with altered payment or address information. This may also be via wire or a fraud as well.
Debbi S. Fetter: Those are some advanced themes. I know our risk management team has seen a lot of those, especially a rise in the AI driven invoice fraud. A lot of our CEOs, CFOs are being mimicked and actually their accounting departments are being tricked into sending wires or ACH out in schemes like this. They certainly have a reputational and a financial risk to the business community, but it also impacts individuals in the same manner, whether it's a payment of an individual’s electricity bill or magazine subscription. So, fraudsters try to get someone to pay for something they need, but the funds to another account.
Here's another example I've heard of recently from multiple clients. It involves fake letters or emails sent to companies stating a vendor's address is changed, where their bank account information is changed. The letter e-mail may even contain a link to a fake website disclosing the change. It's usually a legit letterhead, and if a business or individual blindly updates the fake information on their payment systems, they could actually be sending money to the fraudster unknowingly.
And if that's via ACH or wire, it's harder to get back.
So having access to and verifying that information via old fashioned phone call to a known contact or visiting a company's website without clicking on the link in that in that e-mail or letter are really proven strategies to catch that type of fraud that we've experienced as we've investigated.
So my question to you, while is, do you have any recommended best practices for fraud detection and prevention tactics that our listeners can use?
Lyle L. Loeb: Yes, actually there's several different detection practices that can be done. Regular audits are a good way to have review of those financial transactions to make sure that they're being done correctly and have proper approval.
Segregation of duties, that's this is a big one. So if one single person has access and handles the entire payment process, one way to avoid that is to have multiple people involved, so that not one person has the keys to the kingdom, and kind of runs with the whole thing and can authorize payments.
Vendor verification is another one. Making sure that you're confirming the vendors, as Debbi had alluded to, before processing those payments. Then having some automated fraud detection tools, and leveraging technology to flag suspicious activity and multiple invoices.
And there's some common and effective prevention tactics as well. Implementing strong internal controls, restricting access to payment systems based on individual roles, having secondary review, going back to the segregation of duty and having multiple individuals involved in and approving and entering payments. Effectively using some bank services as well, such as positive pay services. This one is where banks will verify checks against an issued list, and create an exception list where the company can then validate if those checks are legitimate.
And lastly, and probably the most important is training the employees because the education to the employees doing the function will then have those fraud risks top of mind, so that way they can detect it as part of the frontline defense.
Debbi S. Fetter: There is a lot of variables that go into this type of fraud, executing it as well as trying to mitigate the risk in and keeping companies and individuals alike safe from financial harm. This has been an important conversation, Lyle and very informative. Any final takeaways?
Lyle L. Loeb: The only thing I would say is fraudsters are constantly evolving their tactics, so businesses need to remain proactive in their defenses and constantly evolve with the fraudsters.
Debbi S. Fetter: Excellent. Great points on an emerging fraud trend. Thanks again, Lyle. That's all for today's episode of Fraud Fighters. We hope we've given you some beneficial tools for your fraud toolboxes. Should you need assistance implementing or identifying gaps in your internal controls, creating a process for segregation of duties, or just want to walk through some of your accounts payable concerns, please reach out to our risk management team. And if you enjoyed this episode, I'd like to encourage our audience to listen to our fraud Fighter series, which is available on our website, herbein.com, Spotify and Apple podcasts.
Stay tuned for future topics where we dive deeper into construction fraud, check fraud, and even identity theft. Thank you again for tuning in and remember, keep up the fight and see you next time Fraud Fighters!
Ready to safeguard your organization against evolving fraud threats? Learn how our Risk Management team can help you detect vulnerabilities and strengthen your defenses—visit our Risk Management service page to get started.