The Rise of Vendor Fraud in a World of AI and Trade Chaos

The rising trade tensions are prompting businesses to reconfigure their global vendor networks at breakneck speed. But in their rush to avoid the impact of tariffs and rising costs, many are walking straight into a minefield of fraud.

With supply chains under strain and urgency driving decision-making, procurement and finance teams are rapidly forging new vendor relationships and payment channels. These fast-moving changes, made under pressure, don’t just increase risk — they also expose a threat that has been hiding in plain sight for years. According to the AFP’s 2025 survey, 79% of organizations reported experiencing payment fraud in 2024.

Trade war pressures are now throwing fuel on the fire. Fraudsters are already weaponizing generative AI to impersonate vendors, reroute payments and slip through onboarding workflows. Now, as the chaos intensifies, they’re finding it even easier to blend in.

What Fraud Looks Like Today

It is no secret that cybercriminals have an end goal: a pay day. To get there, they use every available tool at their disposal, and the most common weapon in their arsenal is social engineering. According to Nasdaq, invoice and payment fraud now costs United States businesses over $100 billion annually. 

A textbook scheme for cybercriminals is vendor impersonation and payment redirection. In these attacks, fraudsters either gain access to an account or create a fake account from a vendor that their target does business with. After establishing communications with their target, they will then send fake invoices and provide updated fraudulent bank information, rerouting the target company’s payment to their own account when the invoice is paid. 

The city of Baltimore became a victim of such an attack when a hacker stole $1.5 million in a vendor impersonation attack in March. According to reports, the threat actor made contact in the fall of 2024 and built trust with city departments using publicly available information to impersonate an employee of one of their vendors. After gaining credibility, they infiltrated the city’s IT systems and changed the vendor’s banking information — redirecting funds to their own account.

On a weekly basis, I see this same scenario play out firsthand with the companies I work with. Recently, I spoke to a business that was one click away from paying a $1.2 million invoice to a group of fraudsters. This company had all the top-of-the-line security tools and proper internal controls in place. But their vendor did not. 

The vendor’s CEO had their email compromised, and the hacker lurked undetected — eventually finding a real $1.2 million invoice and bank details. They then used this data to trick the vendor’s bank into creating a real (but fraudulent) account. The attacker submitted a bank wire change request with the new info, which was sent to the target company. The request passed all internal checks. All it needed was one signature — and the money would have been gone.

Now take their scenario and place it in today’s chaotic climate, where businesses are rapidly switching third-party vendors in response to the looming trade war. There’s no baseline for interactions between the organization and its new supplier, which makes it far easier for attackers to easily and successfully impersonate vendors. 

How to Protect Against This Heightened Threat

No matter what the trade war headlines are next week, month or year, one thing is clear: vendor and payment fraud is already on the rise — and it’s becoming more effective by the day. And these days, with the added volatility of shifting global trade dynamics, businesses must urgently shore up the growing risk of vendor and payment fraud — especially as they continue to adjust supplier relationships to navigate the current economic landscape.

To fight back against this new wave of fraud, companies must go beyond surface-level fixes. Organizations must: 

• Train teams across departments. Keep finance, procurement, and security aligned and informed on the latest tactics.
• Automate and verify onboarding. Use tools that enforce multi-level approval, detect inconsistencies, and reduce blind spots between teams.
• Leverage AI to flag suspicious behavior. Behavioral AI can catch anomalies across vendors, payment patterns, and workflows— long before money moves.
• Secure the full payment process, end-to-end. Fraud doesn’t start or stop with a single email or invoice. Companies need full visibility and protection from onboarding through approval to final payment execution. 

To stay ahead, business leaders must rethink their vendor risk models and modernize their security stack — not just to survive trade disruption, but to prevent irreversible losses. Those that align finance, procurement and security teams will outpace those who don’t. And rather than panic, organizations can use this volatile period to build resilient, fraud-resistant systems that set them up for long-term success.