youtube icon linkedin icon mail icon
Login Get Paid Blog
Who We Serve
What We Do
Vendor Risk Management

Vendor Risk Management

Vendor Verification

Vendor Verification

Vendor Onboarding Software

Vendor Onboarding Software

Vendor Fraud

Vendor Fraud

Vendor Compliance

Vendor Compliance

B2B Electronic Payments

B2B Electronic Payments

Nacha ACH Rules Change

Nacha ACH Rules Change

Why Trust Us
Fraud Indemnification

Payment Fraud Protection

Resources
Case Studies

Case Studies

Real-life examples of how organizations use PaymentWorks to improve compliance, reduce workload, and add value. Stuff to Watch

Stuff to Watch

Library of short and sweet videos featuring product demos, customer interviews, and sessions with experts. Podcasts

Podcasts

The perfect way to geek out on all things vendor management, and get tips from our guests, partners, and customers. Vendor Management Appreciation Day

Vendor Management Appreciation Day

Dedicated to celebrating the unsung heroes of vendor management and up-leveling your strategy. Events

Events

We go places. We do things. Join us!
Partnerships
About Us
Why We Built This

Why We Built This

Read the story of how PaymentWorks came to be. Who We Are

Who We Are

Get to know our management team. Release Radar

Release Radar

Up-to-date product news! Become a Partner

Become a Partner

Join our eco-system! Work With Us

Work With Us

Interested in solving a real-world problem that affects businesses of all sizes?
Demo

Social Engineering Frauds – 2021 Stats [UPDATED!]

The 2021 numbers are in... and fraudsters are still gonna fraud.

by Angela Sarno

by Angela Sarno

VP Marketing

[This blog was originally published in June 2021 but has been updated in February 2026 to reflect new data about procurement fraud.]

The 2021 numbers are in… and fraudsters are still gonna fraud.

While these statistics reflect 2021 data, the underlying patterns remain highly relevant today—many of the same control gaps continue to drive successful fraud.

Back in 2021, we offered a rundown based on the Association of Financial Professionals 2022 Payments Fraud and Controls Survey and the FBI’s Internet Crime Report for 2021.

Together, these reports offer a snapshot of how organizations were managing payments and procurement fraud at the time—and where gaps persisted despite growing awareness.

That data showed that attempts and actual frauds were down year over year (71% in 2021 vs. 74% in 2020). There are no conclusive data points to explain why, but there is a notion that education is paying off for those who are usually targeted.  Our counterpoint to this? Fraud tactics evolve all of the timeSo be sure your employee education also evolves at this rate: all of the time.

At the time, a good chunk of you (17%!) were not doing any payment beneficiary, aka, supplier banking verification.  And those of you who were? You were not necessarily checking every one of your suppliers banking data in your verification process.  Or, more likely, you believed your process was being followed 100% of the time, but have not actually audited it to be certain.

This year, we’ve looked at the 2025 AFP® Payments Fraud and Control Survey and the FBI’s latest Internet Crime Report —and while some trends remain familiar, the data underscores just how persistent and costly payments and procurement fraud continues to be.

First, the sobering news: Payments fraud is rising. According to AFP, 79% of organizations were victims of payments fraud attacks or attempts in 2024, up from prior years. Business Email Compromise (BEC) remains the dominant threat vector, with 63% of respondents identifying it as the leading avenue for fraud attempts. The FBI reported 21,442 BEC complaints in 2024 alone, resulting in a staggering $2.77 billion in losses.

Payment methods under attack continue to evolve. Checks remain the most frequently targeted payment method, with 63% of organizations reporting check fraud. Meanwhile, wire transfers have reclaimed the top spot as the payment type most vulnerable to BEC—surpassing ACH credits. Fraud tactics themselves are also shifting. Executive impersonation schemes declined to 49%, while vendor impersonation rose to 60%. Third-party impersonation remains the most common BEC tactic at 63%. The lesson? Fraudsters adapt quickly—and so must your defenses. Employee education, verification protocols, and monitoring practices cannot remain static.

Now, a mixed picture on recovery. Only 22% of organizations were able to recover 75% or more of funds lost to payments fraud in 2024—a sharp drop from 41% in 2023. However, 58% were able to recoup up to 75% of lost funds, an improvement from the prior year. Recovery is possible—but far from guaranteed, and increasingly uncertain.

And finally, a critical control issue remains: supplier banking verification. While awareness has increased over the years, many organizations still struggle with consistent enforcement. Whether it’s incomplete verification of supplier banking changes, inconsistent adherence to internal procedures, or a lack of audit validation to confirm controls are operating as intended, gaps in execution continue to create opportunity for fraudsters. In other words, procurement fraud isn’t going anywhere.

The overarching takeaway? Fraud is not declining. It is evolving. Controls must evolve just as quickly—continuously reviewed, tested, and reinforced.

In February we had a live event with Christopher Arehart, SVP  Product Manager a at Chubb where we were reflecting on the 2021 AFP survey, where 65% of respondents said they had a process in place to verify banking.  From his seat as the product manager for crime, where he sees the aftermath of successful payments fraud scams daily, he offered this:

I would call out these statistics as aspirational, at best. I don‘t see 65% of submissions (for insurance policies) actually making phone calls. They may have a policy that says you’re supposed to be doing it, but when push comes to shove, it’s not really happening.

We see this quite a lot in the folks we talk to, and we read a lot about it in the press as well.  As in these two recent examples:

Bernallio County, New Mexico sent nine payments to a fraudster. How?  Their process wasn’t followed, and no one was auditing it. It’s worth noting that in this case, even if the process had been followed, it does not appear to involve verifying the bank account ownership.

St. Peterborough, NH paid a $2.3M price for a “simple human failure to follow established procedures [which] allowed the scam to succeed…” This one was three payments initiated by three different fraud scams in four weeks. In each of these instances, the process was not followed.

All of this to say that while it is great the attempts are down, if we expect the successful frauds to also stay down, organizations need to be more vigilant in continuously testing and improving their controls. Procurement fraud never sleeps, and neither should you. Even the most thoughtfully built vendor onboarding and verification process only works if your humans actually follow it.

We will be at the TMANY New York Cash Exchange in June, with Mr. Arehart from Chubb, talking about what you should be asking your risk team and your insurance company about your process, what is protected, and how these types of scams succeed despite your best efforts.

Payments Fraud and Your Vendor Master: The Risk Inherent in Your Verification Process

June 7, 11 AM

Sign Up Here

Get Ready for Vendor Management Day 2026

Vendor Management Appreciation Day (VMAD) returns this year—and we’d love to have you join the celebration. There’s never a wrong time to recognize one of the most essential yet often overlooked functions in every organization: vendor management.

We’re already preparing for this year’s festivities, and we want the entire community to be part of it. VMAD was created to bring vendor management professionals together, spotlight the innovation happening in the field, and give this important work the recognition it deserves.

Throughout the year, we’re rolling out monthly gifts and resources to help elevate your vendor management practice. We’re also planning a series of events designed to spark connection, learning, and celebration across the profession.

While you wait for the big day, explore what’s new—and grab some free vendor management goodies.

Want Help Aligning Teams On Procurement Fraud?

Explore our blogs below. They’re filled with action items you can implement right away.

What Is Business Identity? Why It Matters, and How to Get It Right

Why Supplier Verification Is the First Line of Defense Against Risk

The Supplier Risk Assessment Process: A Step-by-Step Framework

Why Supplier Lifecycle Management Is the New Frontline of Cybersecurity

Interested in More Tips On Procurement Fraud?

Subscribe to our blog

Want Personalized Guidance On Procurement Fraud?

Contact Us–we’d love to help you

Frequently Asked Questions

People Also Ask—Procurement Fraud FAQs

What is procurement fraud, and how does it typically occur?

Procurement fraud refers to schemes that exploit purchasing, vendor management, or payment processes for personal or financial gain. These schemes can involve internal employees, external vendors, or a combination of both. Common examples include fake or shell vendors, invoice manipulation, and unauthorized changes to vendor master data. Procurement fraud often occurs gradually and blends into routine operations, making it difficult to detect without strong controls and visibility.

Why is procurement fraud so difficult for organizations to detect early?

Procurement fraud is challenging to detect because it often hides within legitimate-looking transactions and established workflows. Many organizations rely on manual reviews, email approvals, and trust-based processes that provide limited transparency. When documentation is incomplete or audit trails are weak, fraudulent activity may go unnoticed for months or even years. In many cases, procurement fraud is uncovered only during audits, whistleblower reports, or after financial losses have already occurred.

Which stages of the procurement process are most vulnerable to fraud?

The highest-risk stages include vendor onboarding, vendor master data maintenance, invoice approval, and payment changes. These points involve sensitive data and often lack consistent validation. For example, if banking changes can be requested via email, attackers or insiders may exploit that channel. Similarly, inadequate segregation of duties—where one individual can create vendors and approve payments—significantly increases fraud risk.

How can organizations reduce exposure to procurement fraud?

Reducing procurement fraud requires a combination of policy, process, and technology. Key measures include segregation of duties, standardized onboarding and change workflows, validation of supplier data, and strong audit trails. Automation plays an important role by enforcing controls consistently and reducing reliance on manual judgment. Regular monitoring, internal audits, and employee awareness also help identify red flags before losses escalate.

Let us show you how we can help

We’d love to walk through your process with you and talk about security, compliance, efficiency and sleeping better at night.

Request a Demo
empty space
PaymentWorks Logo

280 Moody Street, Unit #5
Waltham, MA 02453

Get help with registration.

Follow us on

youtube icon linkedin icon mail icon

Who We Serve

What We Do

Why Trust Us

About Us

Blog

Resources

Request a Demo

Get Paid

Jobs

Partnerships

Partner Referral

Events

© Copyright 2026 - PaymentWorks

Privacy Policy Terms of Service PaymentWorks EarlyPay Terms of Service Transparency in Coverage