Vendor fraud is a form of impersonation attack where the attacker poses as a trusted supplier or business contact to influence payment, routing, or approval decisions. It succeeds when organisations trust the message path more than the identity evidence behind the request.
Expanded Definition
Vendor fraud is a payment and approval deception in which an attacker impersonates a trusted supplier, finance contact, or procurement partner to redirect funds, change banking details, or obtain approval for an illegitimate request. In NHI security the critical issue is not only email spoofing or business email compromise, but the abuse of identity evidence across channels: the request looks routine because it fits an expected vendor relationship. Vendor guidance differs on whether the term is a subset of social engineering, invoice fraud, or impersonation fraud, but in practice it is best understood as an identity assurance failure inside business workflows. That makes it closely related to the NIST Cybersecurity Framework 2.0 controls under which organisations validate trusted relationships before acting on financial instructions. Vendor fraud differs from generic phishing because the request usually arrives with plausible context, known names, and timing that matches an active supplier relationship. The most common misapplication is treating it as a pure mail-filtering problem: a message sent from a genuinely compromised supplier mailbox passes every filter, so finance teams that approve changes on the strength of a clean-looking thread, without independently verifying the vendor's identity evidence, remain exposed.
Examples and Use Cases
Rigorous controls against vendor fraud add process friction: organisations have to weigh faster invoice handling against stronger verification and callback procedures.
- A supplier “updates” banking details through a convincing email thread, but the payment team verifies the change through a separate, pre-established contact channel before releasing funds.
- A procurement officer receives an urgent request to approve a duplicate invoice; the organisation checks purchase order history, vendor master data, and approval authority before acting.
- A finance analyst is asked to reroute payment to a new subsidiary account; the change is blocked until the request is confirmed against approved vendor records and signed change control.
- An accounts payable team reviews patterns of address changes, bank detail updates, and unusual urgency using lessons from NHIMG research on third-party exposure in the Ultimate Guide to NHIs.
- Security and finance jointly map supplier verification workflows to the identity and access discipline described in the NIST Cybersecurity Framework 2.0, especially for approval integrity and response discipline.
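The first three scenarios above are the same control applied to a bank-detail change: compare the request against vendor master data, confirm it through a contact channel established at onboarding (never a number supplied in the email), and require approval from people with the authority to grant it. The gate below is an added example written for this page, not NHIMG code or a product feature; the vendor record, the change requests, the approver role names and the 0.8 lookalike threshold are all constructed for illustration. It separates message-path signals (sender domain, urgency wording), which only raise flags, from identity evidence (callback to the number on file, dual approval), whose absence blocks the change.

```python
"""Bank-detail change gate for accounts payable (added example, constructed data)."""
from __future__ import annotations

from dataclasses import dataclass
from difflib import SequenceMatcher

# Hypothetical approver role names and urgency heuristics for this example.
AUTHORISED_APPROVERS = frozenset({"ap.manager", "finance.controller", "treasury.lead"})
URGENCY_MARKERS = ("urgent", "immediately", "today", "asap", "before close")


@dataclass(frozen=True)
class VendorRecord:
    """Vendor master data captured at onboarding, never updated from an inbound email."""
    vendor_id: str
    bank_account: str               # account currently on file
    email_domains: frozenset[str]   # sending domains recorded for this vendor
    callback_phone: str             # number recorded at onboarding, used for callbacks


@dataclass(frozen=True)
class ChangeRequest:
    """What accounts payable has in hand when a supplier asks for new bank details."""
    vendor_id: str
    requested_account: str
    sender_email: str
    subject: str
    callback_number_used: str | None   # number AP actually dialled, None if no callback
    callback_confirmed: bool           # whether the person reached confirmed the change
    approvers: frozenset[str]          # users who signed off in the AP system


@dataclass(frozen=True)
class Decision:
    approved: bool
    reasons: tuple[str, ...]   # blocking: identity evidence missing or contradicted
    flags: tuple[str, ...]     # advisory: message-path signals worth a closer look


# Constructed sample vendor master data (fictitious IBAN, domain and number).
VENDOR_MASTER = {
    "V-1001": VendorRecord("V-1001", "GB29NWBK60161331926819",
                           frozenset({"acme-supplies.example"}), "+44 20 7946 0000"),
}


def lookalike(domain: str, known: frozenset[str]) -> str | None:
    """Return the recorded domain that `domain` closely resembles without matching, if any."""
    for k in known:
        if domain != k and SequenceMatcher(None, domain, k).ratio() >= 0.8:
            return k
    return None


def evaluate(req: ChangeRequest, master: dict[str, VendorRecord] = VENDOR_MASTER) -> Decision:
    """Apply the verification controls; any blocking reason rejects the change."""
    vendor = master.get(req.vendor_id)
    if vendor is None:
        return Decision(False, ("vendor not in master data",), ())
    if req.requested_account == vendor.bank_account:
        return Decision(True, (), ())   # nothing to change

    reasons: list[str] = []
    flags: list[str] = []

    # Message path: a matching domain is never sufficient on its own (a compromised
    # supplier mailbox matches too), so it can only flag or, for lookalikes, block.
    domain = req.sender_email.rsplit("@", 1)[-1].lower()
    if domain not in vendor.email_domains:
        near = lookalike(domain, vendor.email_domains)
        if near:
            reasons.append(f"sender domain {domain!r} is a lookalike of {near!r}")
        else:
            flags.append(f"sender domain {domain!r} not on file")
    if any(m in req.subject.lower() for m in URGENCY_MARKERS):
        flags.append("urgency language in request")

    # Identity evidence 1: callback to the number on file, not one supplied in the email.
    if req.callback_number_used is None:
        reasons.append("no callback performed")
    elif req.callback_number_used != vendor.callback_phone:
        reasons.append("callback went to a number not on file")
    elif not req.callback_confirmed:
        reasons.append("vendor contact did not confirm the change")

    # Identity evidence 2: two distinct authorised approvers (separation of duties).
    valid = req.approvers & AUTHORISED_APPROVERS
    if len(valid) < 2:
        reasons.append(f"requires two authorised approvers, got {len(valid)}")

    return Decision(not reasons, tuple(reasons), tuple(flags))


# Constructed requests: a genuine update, an impersonation, and a genuine update
# sent from a domain not yet on file.
LEGIT = ChangeRequest("V-1001", "GB94BARC10201530093459", "ap@acme-supplies.example",
                      "Updated remittance details", "+44 20 7946 0000", True,
                      frozenset({"ap.manager", "finance.controller"}))
FRAUD = ChangeRequest("V-1001", "GB94BARC10201530093459", "accounts@acme-supp1ies.example",
                      "URGENT: new bank details, pay today", "+44 7700 900123", True,
                      frozenset({"ap.manager"}))
NEW_DOMAIN = ChangeRequest("V-1001", "GB94BARC10201530093459", "billing@northwind-billing.example",
                           "Remittance update", "+44 20 7946 0000", True,
                           frozenset({"ap.manager", "treasury.lead"}))

if __name__ == "__main__":
    for name, req in (("legit", LEGIT), ("fraud", FRAUD), ("new_domain", NEW_DOMAIN)):
        print(name, evaluate(req))
```

The fraudulent request fails on three independent grounds (lookalike domain, callback placed to the attacker-supplied number, a single approver), so removing any one of those checks would still leave it blocked; the genuine request from an unrecorded domain is approved but flagged, because the callback to the number on file is the evidence that matters. In a real AP system the callback outcome and approver set would come from audited records rather than from fields on the request object.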
Why It Matters in NHI Security
Vendor fraud matters in NHI security because third-party trust is often operationalised through service accounts, payment portals, shared inboxes, and delegated workflows that attackers can manipulate without ever compromising a privileged system directly. NHIMG's Ultimate Guide to NHIs reports that 92% of organisations expose NHIs to third parties, which expands the attack surface for supplier-adjacent deception and makes vendor identity verification part of broader governance, not just fraud prevention. The same guide notes that 97% of NHIs carry excessive privileges, so a single manipulated workflow can cascade into payment redirection, data exposure, or unauthorised access if approval boundaries are weak. This is why vendor fraud sits at the intersection of NHI lifecycle control, zero trust, and business process assurance, and why it aligns with the control objectives in the NIST Cybersecurity Framework 2.0, where trust must be continuously validated rather than assumed. Organisations typically discover vendor fraud only after a fraudulent transfer has left, when the funds may already be unrecoverable and identity verification can no longer be deferred.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust Architecture (SP 800-207) set the governance and control expectations practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-02 | Vendor fraud exploits weak secret and identity validation around third-party workflows. |
| NIST CSF 2.0 | PR.AA-02, PR.AA-03 (Identity Management, Authentication, and Access Control) | Identities are proofed and bound to credentials in context, and users and services are authenticated; trust decisions rest on verified identity, not on the message path alone. |
| NIST Zero Trust Architecture (SP 800-207) | Section 2.1, Tenets of Zero Trust | Authentication and authorisation are dynamic and enforced before every access; requests arriving over known business channels get no implicit trust. |
Verify vendor identity evidence before changing payment details or approving sensitive requests.
Reviewed and updated by the NHIMG editorial team on June 27, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org