top of page
Wave Header Background_edited.png
Background Waves_2x.webp

Chart your course to stress-free IT today.

Your team deserves to focus on what they do best—not troubleshooting tech issues. Let North Star Networks simplify your systems, secure your data, and save you time and money.

Ready for smoother sailing? Let’s start today.

NSN_CTA Art_2x.webp
NSN_Stacked Logo_White.png
Facebook Icon.png
Linkedin Icon.png

Hours

Mon  - Fri: 8am - 5pm

Sat & Sun: Closed

After hours appointments available

© 2025, North Star Networks, LLC. All Rights Reserved.

Secure Your Accounts Payable Department From Attacks by AI Tools

  • Michael Lynn
  • May 7
  • 4 min read

Updated: May 13

Criminals using AI tools to steal money from your business through your Accounts Payable dept.

It’s a statistic that sends a shiver down the backs of central Kentucky business owners, managers and employees. 


According to the FBI's 2025 Internet Crime Report, business email compromise (BEC) cost US businesses more than $3 billion last year. You've probably seen BEC attempts before. Those emails that come from 'Microsoft' or 'Google' telling you that someone's trying to login to your email and you need to 'click here to update your password'. Or the email to your accounts payable (AP) department from a vendor who needs you to update their bank information out of the blue.


At a $3 billion loss for businesses last year, it's become one of the most financially damaging cybercrimes on record and AI has made these attacks harder to detect. The question for AP teams is no longer whether they can identify suspicious requests. It is whether the processes around payments make fraud difficult regardless of how convincing it looks.


Why AP Teams Are in the Crosshairs


Accounts payable sits at the intersection of trust and timing. AP teams process invoices, manage supplier details, and execute payments, often under pressure to keep operations running smoothly.


For attackers, that combination is ideal.


Most successful fraud doesn't involve breaking into systems.


The FBI's Internet Crime Complaint Center (IC3) has consistently found that BEC attacks rely on impersonation. This involves posing as a trusted executive, supplier, or internal colleague to redirect payments or update bank details before anyone notices.

AI has made that impersonation dramatically more scalable.


Where it once required skill and time to craft a convincing request, tools are now widely available that automate the research, writing, and contextual tailoring that make fraud blend into normal AP workflows.


What AI-Enhanced Fraud Looks Like in Practice


Emails that blend into normal workflow


Traditional phishing relied on volume and imperfection. AI has changed that.

Modern BEC emails are grammatically correct and written in the specific tone of the executive or supplier being impersonated. They reference active projects, current invoice numbers, and upcoming payment runs.


For AP teams processing high volumes of routine communications, that level of familiarity is exactly what lowers the guard.


Invoice and payment redirection


One of the most common AP fraud patterns involves payment redirection.

Attackers may intercept a legitimate invoice exchange and quietly alter the destination account. They then send a short message claiming a supplier has updated its banking details, or re-issue a real invoice with minor modifications.


The surrounding content looks entirely legitimate because, in many cases, it is drawn from real correspondence.


Voice cloning and executive impersonation


Email isn’t the only channel being exploited.


AI voice-cloning tools can replicate a person’s voice from a short audio sample. That makes it possible to leave convincing voicemails or place calls that sound like a known executive.


For AP teams accustomed to verbal approvals on high-value or urgent payments, this removes one of the few remaining verification methods that email security alone cannot address.


Why Traditional Checks No Longer Work


Security awareness training still matters, and investing in it remains worthwhile. But AI has changed what AP teams are up against.


Attacks no longer contain the signals that training programs once focused on: awkward phrasing, mismatched logos, odd sender addresses, or generic greetings.


Modern fraud emails can reference the recipient's organization, active suppliers, and current invoice values drawn from publicly available or previously intercepted sources.

When a fraudulent request is indistinguishable from a legitimate one, placing the burden of detection on the AP team puts it in the wrong place.


The organizations that reduce risk are not asking staff to be more suspicious. They are building verification processes that work independent of how a message looks.


Building Process Around the Risk


The most effective defense is not sharper instincts. It is removing ambiguity from high-risk actions.


Out-of-band verification as standard


Any request to change supplier bank details or approve an urgent payment outside the normal cycle should require secondary confirmation through a known, independent channel — not a reply to the same email thread. Calling a supplier on a number already on file, or confirming with a colleague directly, breaks the impersonation chain regardless of how convincing the original request appeared. This step does not require technology. It requires a written procedure and the team's habit of following it.


Layered access and authentication controls


Restricting access to financial systems and enforcing multi-factor authentication limits the damage a compromised account can cause. If an attacker gains access to a vendor's email, MFA requirements on the receiving end create friction that can slow or stop a fraudulent change before any money moves.


A culture that supports slowing down


Fraud prevention improves when staff feel safe questioning requests, including from senior leadership.


A team member who pauses a payment to verify it is not being obstructive. They are doing exactly what good process requires.


Building that culture starts with leadership modeling the behavior and making clear that slowing down on high-risk actions is always the right call.


The FBI's 2025 Internet Crime Report included a dedicated AI section for the first time, logging more than $893 million in AI-enabled scam losses across more than 22,000 complaints.


When verification is standard and questioning is encouraged, AI-enhanced fraud loses much of its advantage.


The technology attackers use is advancing quickly, but the process controls that contain the damage do not have to be complicated. They have to be consistent.


Shift the Burden from People to Process


Concerned about AI-enhanced fraud targeting your finance teams or clients?

Contact us at North Star Networks or schedule a consultation to review your current controls and identify where the most important gaps are.


Article FAQs


Why are Accounts Payable teams targeted so often?


AP teams manage payments and supplier details, making them a direct path for attackers to move money without breaching technical systems.


Can awareness training alone stop AI-driven fraud?


No. Awareness helps, but AI scams often look legitimate. Strong verification processes are essential.


Is voice-based fraud really a risk?


Yes. AI voice cloning allows attackers to impersonate executives convincingly, making phone-based approvals vulnerable.


Article used with permission from The Technology Press. 

 
 
 

Comments

bottom of page