800-465-4656 [email protected]

The “F” Word That No One Likes to Talk About

Sep 19, 2025 | Uncategorized | 0 comments

True Story – Bank Detail Scam

Just last month, a client of ours told me about something disturbing – four of their business contacts were tricked into changing supplier bank details.

Here’s how it went down – someone pretending to be from a supplier emailed the bookkeeper. They said the supplier’s banking information had changed and asked for the payment details to be updated. The bookkeeper, thinking they were just following instructions, updated the details.

The next payment went straight into the fraudster’s account, not the supplier’s. By the time the real supplier followed up asking where their money was, it was gone. How much did they lose – $107,000.

This scam is on the rise, and it’s catching smart, careful companies off guard.

And that brings me to the “F” word that most business owners don’t like to talk about…

It is… (cough-cough)… fraud.

Could never happen to you, right? Actually it can, and it does happen to many more businesses than you think.

And, there are two sad truths here:

  1. The “best” designed frauds are very hard to detect, and can go on for years and years undetected.
  2. They are often the most trusted employees who pull them off.

NOTE – please don’t read point (2) and automatically start to mistrust your great employees. 😊

You may think that with perfect Internal Controls you’d have no fraud. Unfortunately, that is not the case.

Even with a 3-way match, there are frauds that are very, very difficult to detect.

For context, a 3-way match is when quantities, price per unit, terms and other details are matched to:

  1. The vendor invoice which has been approved.
  2. The Purchase Order prepared by the company.
  3. The Receiving Report prepared by the company.

Let me walk you through a few frauds that make even the best systems sweat.

Pass-Through Scheme

One fraud expert has said it is very common and very difficult to detect with even good Internal Controls (like 3-way matching).

The pass-through scheme involves three companies:

  1. The supplier company
  2. A shell company
  3. Your company

It goes like this:

  1. The perpetrator places an order with the shell company.
  2. The shell company places an order with the supplier company.
  3. The supplier company ships the goods to your company. The goods are received in the correct quantities and condition.
  4. The supplier company invoices the shell company and the shell company in turn invoices your company with, say, a 5–10% markup.

If that seems like a small markup, think again. I read recently of a company that lost $500,000 per year to a scheme like this.

Here’s how it worked:
A salesperson at a supplier company convinced an employee (of a defrauded company) to buy direct from a shell company with the same terms as the supplier. The first few invoices were passed on exactly, in the same quantities and prices as the supplier.

Then the markups began. The “clever-crooked” salesperson enrolled the employee with kickbacks. In one year, $500,000 was over-charged.

Collusion makes things much harder to uncover. That’s a true story.

Rental Building Fraud

When I was articling to be a Chartered Accountant in my twenties, I remember auditing a public company that managed rental buildings.

A few years before I worked on the audit, the Controller told me what happened:

Her most trusted bookkeeper, working in Accounts Payable, had her boyfriend invoice the company for painting jobs supposedly done on various buildings. She forged building manager initials to “approve” the bills.

It was the kind of expense that made sense for this type of company, so no red flags were raised.

Then, as part of the audit, a call was made to a building manager to verify an invoice—and the shocked manager said the building had NOT been painted at all.

The whole scheme unraveled. The bookkeeper and her boyfriend were charged.

This was a woman the Controller loved and trusted, and it broke her heart. She told me she never trusted anyone after that and became a workaholic, doing until-midnight shifts to cover work she used to delegate.

Sad story. But compared to the pass-through scheme, this one was actually easier to catch (because the goods/services were never delivered). The pass-through scheme is slicker, because the goods do show up.

Over-Ordering

Another tough one to detect: when a trusted employee has physical custody of goods ordered.

Here’s what happens: they over-order a little each time and siphon off the extra goods for resale.

The bills look correct. The receiving reports match. And the person doing the receiving signs off that everything was delivered.

This works especially well with goods that can easily be sold on the open market.

Bank Detail Change Scam (New + Widespread)

This one is exploding right now — and it’s brutally effective because it preys on trust and routine.

How it works:

  1. A person pretending to be from a supplier contacts your bookkeeper or accounts payable team.
  2. They claim the supplier’s banking details have changed and ask you to update the details for the next payment.
  3. Your team obliges, thinking they’re doing the right thing.
  4. The next payment is sent straight to the fraudster’s account — not the supplier’s.

A client of ours has seen this happen with four of their business contacts in just the last few months. That’s how common it’s becoming.

And here’s the kicker – everything looks legitimate. The emails often copy the supplier’s branding, and the request comes across as routine. By the time the fraud is caught, the money is long gone.

How to Avoid

There are a few things you can do:

  1. Screen carefully when hiring. Character matters.
  2. Use Purchase Orders and get them approved.
  3. Separate receiving from purchasing. One person prepares the PO, another does the receiving.
  4. Track inventory in real time. Watch for unusual stock outages.
  5. Audit your vendors. Look for shell companies or ownership red flags.
  6. Use cloud approval software. Programs like ApprovalMax trace approvals back to actual IP addresses (harder to fake than initials).
  7. For banking changes, always verify. Call your supplier at a trusted number (never the one in the email) before updating bank details.

For smaller companies, some basic Internal Controls combined with cloud-based tools are usually enough to prevent fraud.

For larger businesses with millions in purchases, the risks scale — and so does the need for vigilance.

And one last tip: be suspicious of employees in accounts payable or purchasing who never take holidays. Fraud often unravels only when someone else steps in.

At a philosophical level, it’s hard to imagine how people could enjoy spending money they didn’t earn. And yet… they do.

But history shows that frauds nearly always get uncovered, whether through audits, accidents, or a guilty conscience leading to sloppy mistakes.

It’s only a matter of time.

Thanks for reading…

Submit a Comment

Your email address will not be published. Required fields are marked *