Most Accounts Payable professionals have heard at least one horror story where a vendor sends an email to update their ACH or payment detail information. You make the change in your accounting system and send the payment, only to find out later that it wasn’t really your vendor you were talking to. Their email account was hacked or mimicked, and you were the victim of a phishing tactic used to impersonate the vendor and commit fraud. This act falls into the broad category of Business Email Compromise (BEC), as defined by the FBI. With the help of AI, it is getting more frequent and more sophisticated.

Why Pick on Accounts Payable

Before we analyze the issue, we should at least address why Accounts Payable departments would be the target of these types of phishing threats. This is a super easy question to answer. AP departments pay people. If you were trying to commit fraud, wouldn’t you want to get paid for it? More specifically:

  • AP processes large dollar transfers with often last-minute changes. This is unfortunately exactly what attackers want, as their requests are not seen as out of the ordinary.
  • Accounts Payable Departments and Vendors typically communicate a lot and therefore build trust. So, little to no validation of account requests is common as it is seen as unnecessary or an imposition. Yet another opportunity that vendor impersonators are looking to exploit.

How Does Vendor Impersonation Work

Vendor impersonation and phishing follow typically recognizable patterns that AP teams should be familiar with:

  • Invoice or remit instruction change: an email appears to come from a vendor asking to change the bank account or routing details.
  • Fake payment portals or documents: attackers send a link to a “new invoice” hosted on a website or document share that has been copied from the vendor’s real site.
  • Vendor Email Compromise (VEC): fraudsters gain access to a legitimate vendor account and send authentic-looking messages from the real domain.

The consequences can be painful: unauthorized wire transfers, checks sent to the wrong address, legal exposure and costly recovery, often with little to no hope of actually getting the money back.

How AI Supercharges Impersonation

Like most processes that are augmented with AI, the threats are not necessarily new; they are just coming at you at warp speed. Generative AI lets attackers produce convincing, personalized messages, fake websites and even realistic audio, all at scale. The result is that the phishing message looks less like spam and more like a legitimate message from a trusted vendor, at much less effort for the person conducting the attack. So not only are you receiving better-looking emails requesting fraudulent changes, but now they are followed by a phone call and a conversation confirming the request. The only problem is that none of it is actually real. This all increases the likelihood that an AP clerk, even a very vigilant one, will accept the request as legitimate.

How to Protect Yourself

Other than being more vigilant, an effective mitigation strategy against vendor impersonation is to establish a secure and trusted vendor portal for communication. By minimizing your standard communication channels (email, phone calls, etc.), you can focus on establishing a secure extranet in which vendors have to initiate changes through a self-service portal.

Here is how a portal can help:

  • Centralized and authenticated communication: Vendors must log in using MFA to upload invoices, change bank details, or submit tax forms. This eliminates the need to accept these changes via email or over the phone.
  • Audit trail and approvals: Every vendor request can be routed for approval, with timestamps and user IDs, making fraudulent attempts easier to detect and investigate.
  • Integrated vendor verification: Portal workflows can incorporate approval steps that require the vendor to confirm the request using a contact method other than email, such as a text message or an outbound phone call to the number already on file. A hacker would not only need to hijack a vendor’s email but also their cell phone.
  • Reduced dependency on attachments in email: Instead of emailing invoices back and forth, vendors upload them into the portal, removing the channel most easily exploited by phishing attempts. If a vendor emails an invoice, you already know it is suspicious.
  • ERP integration: The portal can integrate with your ERP to confirm contact information against the vendor master record, making sure the vendor is not being impersonated with a look-alike domain or phone number.
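The following is an added illustration, not DynamicPoint’s code, of how the controls listed above fit together for a single bank-detail change: the request is accepted only from an MFA-verified login, the login domain is compared against the ERP vendor record (rejecting look-alike domains), the change stays pending until the vendor confirms it over the phone number on file, and every step lands in an audit trail with a timestamp and user ID. The vendor master record, vendor ID and domain names are constructed placeholders.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
import difflib

# Constructed ERP vendor master record; values are placeholders, not real vendors.
VENDOR_MASTER = {
    "V-1001": {"domain": "acmesupplies.example", "phone": "+1-555-0100"},
}

@dataclass
class BankChangeRequest:
    vendor_id: str
    login_domain: str      # domain of the external account that authenticated to the portal
    new_account: str
    audit: list = field(default_factory=list)   # (timestamp, actor, action)

def record(req, actor, action):
    """Append one audit entry: who did what, and when (UTC)."""
    req.audit.append((datetime.now(timezone.utc).isoformat(), actor, action))

def is_lookalike(claimed, expected, threshold=0.8):
    """True when the domain is close to, but not equal to, the ERP record (e.g. one swapped letter)."""
    if claimed == expected:
        return False
    return difflib.SequenceMatcher(None, claimed, expected).ratio() >= threshold

def process_change(req, mfa_passed, phone_confirmed, approver):
    """Run a bank-detail change through the portal controls and return its status."""
    vendor = VENDOR_MASTER[req.vendor_id]
    record(req, req.login_domain, "submitted bank-detail change")
    if not mfa_passed:
        record(req, "system", "rejected: MFA not satisfied")
        return "rejected_mfa"
    if req.login_domain != vendor["domain"]:
        reason = "look-alike domain" if is_lookalike(req.login_domain, vendor["domain"]) else "unknown domain"
        record(req, "system", f"rejected: {reason} {req.login_domain}")
        return "rejected_domain"
    # Out-of-band confirmation goes to the phone number in the ERP record,
    # never to a number supplied in the request itself.
    if not phone_confirmed:
        record(req, "system", f"pending: callback to {vendor['phone']} required")
        return "pending_oob"
    record(req, approver, "approved")
    return "approved"
```

The audit list on each request is what an investigator would pull if a change is later suspected to be fraudulent.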

While no security measure is 100% foolproof, a single-point-of-entry portal is much easier to secure than the variety of collaboration methods that exist across voice, email, instant messaging, etc.

DynamicPoint’s SharePoint-Based Vendor Portal

DynamicPoint’s vendor portal turns a Microsoft 365 SharePoint extranet into a secure, integrated portal that connects vendors directly with the organization’s ERP data and workflows. Because the solution is built on SharePoint Online and integrates with Microsoft 365, it brings several inherited advantages, as follows:

  • Microsoft security: SharePoint Online inherits all your typical Microsoft security, including encryption at rest and in transit, conditional access policies, role-based security, and a ton of compliance certifications (SOC, ISO, etc.).
  • Single sign-on and MFA: Vendors authenticate through Entra ID (using external accounts), enabling multi-factor authentication (MFA) and conditional access to lock down access based on risk signals. So instead of trusting email for vendors to confirm their identity, you can utilize Entra ID with all its safeguards.
  • Full auditability: Every vendor action in the portal is logged and can trigger workflows, including email or text notifications. This is not only helpful for seeing who did what but can assist in the investigation of suspected fraud if it occurs.
  • Streamlined process: A process is easier to manage and audit if it is streamlined. DynamicPoint’s portal can integrate vendor submissions directly into ERP applications, removing manual copy and paste steps.

In summary, instead of trusting email or voice requests, AP teams can insist on portal-submitted changes that follow a predefined, auditable approval process.

Interested in Learning More

If you are interested in learning more about creating a SharePoint vendor portal, please visit the links below: