ScamSpot for Business

Anti-fraud tools for businesses

Your accounts payable team just received an email claiming the vendor's bank account changed, an invoice that feels off, or a payment request from an executive who is on a flight. Before anyone wires money, run a quick risk read.

ScamSpot for Business gives SMB finance and AP teams free risk indicators for invoice fraud, vendor bank-change scams (a top BEC pattern), and impersonation emails. It does not verify vendors, bank accounts, or invoice legitimacy. It helps you slow down and verify independently.

Check an invoice Read FAQ

Quick answer

BEC moves fast, and verification has to move first

Business email compromise (BEC) cost organizations more than USD 2.9 billion in 2023 per the FBI IC3. The cheapest control is a call-back on an independently-verified phone number before any wire, ACH change, or bank-detail update.

Three free tools for AP and finance

Each tool below paste suspicious text and returns risk indicators, a verification checklist, and escalation steps. None of them verify the vendor or bank account; they help you slow down and verify independently.

  • Verify Invoice - paste the invoice email or PDF text and get B2B-tuned red flags.
  • Vendor Bank-Change Verification - run a bank-change request through a structured BEC checklist.
  • Verify Vendor Email - check sender domain, reply-to mismatch, and impersonation indicators.

What this is not

Be honest with your team about what these tools do and do not do.

  • Not a vendor verification service. We do not call your vendors.
  • Not a bank account validator. We do not query account ownership.
  • Not an invoice authenticity service. We do not look at PDF metadata, signatures, or supplier history.
  • Not a substitute for dual-control approval, callbacks on known phone numbers, or your bank's fraud team.

Recommended AP control loop

Use the tools as the first step in a control loop, not as the decision.

  • Get risk indicators from the relevant tool.
  • Call the vendor on a phone number from your existing records (never a number in the suspicious email).
  • Require a second approver for any payment instruction change.
  • Preserve email headers, attachments, and approval trail.
  • If fraud is confirmed or suspected, report to the FBI IC3 (ic3.gov) and the FTC (reportfraud.ftc.gov).

Disclaimer

ScamSpot for Business provides risk indicators only. It does NOT verify vendors, bank accounts, or invoice legitimacy. Always call the vendor on an independently-verified phone number - never one in the suspicious email - before taking action.

  • Not a vendor verification service.
  • Not a bank-account ownership validator.
  • Not legal, financial, or compliance advice.
  • Report confirmed fraud to the FBI IC3 (ic3.gov) and the FTC (reportfraud.ftc.gov).

Typical BEC vendor bank-change pattern

Input

Hi - our accounting team switched banks this week, please send today's wire to the new account in the attached PDF. Time-sensitive.

What to notice

  • Bank-account change combined with same-day urgency is a classic BEC pattern.
  • Verify by calling the vendor on a number from your existing records, never one in this email.
  • Require dual approval before processing any bank-detail change.

ScamSpot for Business FAQ

What is business email compromise (BEC)?

BEC is a fraud pattern where attackers impersonate or compromise a vendor, executive, or trusted contact to redirect payments or steal data. The FBI IC3 calls it one of the most financially damaging cybercrimes.

Does ScamSpot verify that a vendor or bank account is legitimate?

No. ScamSpot for Business gives risk indicators only. It does not verify vendors, bank accounts, or invoice legitimacy. Always call the vendor on an independently-verified phone number before taking action.

Who should use these tools?

SMB accounts payable, finance, controllers, and operations leads who handle invoice approval, vendor onboarding, and payment instruction changes.

Where do I report a confirmed BEC or invoice fraud incident?

In the US, report to the FBI Internet Crime Complaint Center (ic3.gov) and the FTC (reportfraud.ftc.gov). Notify your bank and the impersonated vendor immediately.

Is this a replacement for an AP automation or email security tool?

No. It is a free first-look risk read. Dedicated AP automation, vendor master data controls, and email security gateways add layers ScamSpot does not.