ScamSpot for Business

Anti-fraud tools for businesses

Your accounts payable team just received an email claiming the vendor's bank account changed, an invoice that feels off, or a payment request from an executive who is on a flight. Before anyone wires money, run a quick risk read.

ScamSpot for Business gives SMB finance and AP teams free risk indicators for invoice fraud, vendor bank-change scams (a top BEC pattern), and impersonation emails. It does not verify vendors, bank accounts, or invoice legitimacy. It helps you slow down and verify independently.

BEC moves fast, and verification has to move first

Business email compromise (BEC) generated 24,768 IC3 complaints and USD 3.046B in reported losses in 2025. The cheapest control is still a call-back on an independently-verified phone number before any wire, ACH change, or bank-detail update.

Free AP Fraud SOP Kit

Turn this check into an AP policy

Get the vendor bank-change policy, callback script, approval note, incident checklist, and hold triggers for your finance team.

Get the SOP kit Future paid: saved checks, audit log, PDF reports, team templates - $19/mo teaser.

Three free tools for AP and finance

Each tool below paste suspicious text and returns risk indicators, a verification checklist, and escalation steps. None of them verify the vendor or bank account; they help you slow down and verify independently.

  • Invoice Scam Check - enter vendor, sender, amount, PO, payment method, and email text to get a rules-based risk read.
  • Vendor Bank-Change Check - run a payment-detail update through a structured BEC checklist before changing master data.
  • Verify Vendor Email - check sender domain, reply-to mismatch, and impersonation indicators.

What this is not

Be honest with your team about what these tools do and do not do.

  • Not a vendor verification service. We do not call your vendors.
  • Not a bank account validator. We do not query account ownership.
  • Not an invoice authenticity service. We do not look at PDF metadata, signatures, or supplier history.
  • Not a substitute for dual-control approval, callbacks on known phone numbers, or your bank's fraud team.

Recommended AP control loop

Use the tools as the first step in a control loop, not as the decision.

  • Get risk indicators from the relevant tool.
  • Call the vendor on a phone number from your existing records (never a number in the suspicious email).
  • Require a second approver for any payment instruction change.
  • Preserve email headers, attachments, and approval trail.
  • If fraud is confirmed or suspected, report to the FBI IC3 (ic3.gov) and the FTC (reportfraud.ftc.gov).

Free SOP kit for repeatable controls

The invoice checker is strongest when it becomes a finance habit. The AP Fraud SOP Kit packages the callback script, fake invoice checklist, approval-note template, and incident checklist so a small team can document the same control every time.

  • Use the kit after any High or Review result.
  • Route it to controllers, AP processors, bookkeepers, and owners who approve payments.
  • Use the $19/mo saved-checks roadmap as the future paid path once teams ask for audit logs or PDF reports.

Disclaimer

ScamSpot for Business provides risk indicators only. It does NOT verify vendors, bank accounts, or invoice legitimacy. Always call the vendor on an independently-verified phone number - never one in the suspicious email - before taking action.

  • Not a vendor verification service.
  • Not a bank-account ownership validator.
  • Not legal, financial, or compliance advice.
  • Report confirmed fraud to the FBI IC3 (ic3.gov) and the FTC (reportfraud.ftc.gov).

Typical BEC vendor bank-change pattern

Hi - our accounting team switched banks this week, please send today's wire to the new account in the attached PDF. Time-sensitive.

  • Bank-account change combined with same-day urgency is a classic BEC pattern.
  • Verify by calling the vendor on a number from your existing records, never one in this email.
  • Require dual approval before processing any bank-detail change.

ScamSpot for Business FAQ

What is business email compromise (BEC)?

BEC is a fraud pattern where attackers impersonate or compromise a vendor, executive, or trusted contact to redirect payments or steal data. The FBI IC3 calls it one of the most financially damaging cybercrimes.

Does ScamSpot verify that a vendor or bank account is legitimate?

No. ScamSpot for Business gives risk indicators only. It does not verify vendors, bank accounts, or invoice legitimacy. Always call the vendor on an independently-verified phone number before taking action.

Who should use these tools?

SMB accounts payable, finance, controllers, and operations leads who handle invoice approval, vendor onboarding, and payment instruction changes.

Where do I report a confirmed BEC or invoice fraud incident?

In the US, report to the FBI Internet Crime Complaint Center (ic3.gov) and the FTC (reportfraud.ftc.gov). Notify your bank and the impersonated vendor immediately.

Is this a replacement for an AP automation or email security tool?

No. It is a free first-look risk read. Dedicated AP automation, vendor master data controls, and email security gateways add layers ScamSpot does not.

What should a team do after a High risk result?

Hold the payment, verify the vendor through trusted records, require dual approval, preserve the suspicious email and attachments, and use the AP Fraud SOP Kit to document the decision.

Can ScamSpot Business send the SOP kit by email?

Yes. The AP Fraud SOP Kit page captures only contact details, sends the kit links by email, and offers an optional weekly AP fraud summary opt-in.