Stay Vigilant Regarding Vendor Payment Fraud

June 16, 2026

Enterprise Technology Services (ETS) would like to make the community aware of a growing cybersecurity threat targeting educational institutions across the country.  

The FBI recently issued an alert regarding a Business Email Compromise (BEC) scheme in which cybercriminals impersonate trusted vendors and suppliers to redirect institutional payments to fraudulent bank accounts. These messages often originate from trusted contacts and ongoing conversations, making them particularly difficult to detect. The attacks have impacted colleges, universities, school districts, and other educational organizations, resulting in significant financial losses. 

 

How the Scam Works 
Cybercriminals may: 

  • Compromise a legitimate vendor’s email account or create a nearly identical email address. 
  • Monitor ongoing communications between vendors and institutions. 
  • Request changes to payment methods or banking information. 
  • Send invoices containing fraudulent account details. 
  • Use company logos, employee names, signatures, and branding to make communications appear legitimate. 

Warning Signs 
Be cautious of: 

  • Requests to change vendor banking information or payment methods. 
  • Emails asking for urgent payment updates before holidays, weekends, or staff absences. 
  • Slight misspellings or unusual characters in email addresses or domains. 
  • Requests to send payments to unfamiliar bank accounts. 
  • Messages that create a sense of urgency or pressure immediate action. 

Protect Yourself and Howard University 
Before processing any payment-related request: 

  • Verify requests using a trusted phone number or contact information obtained independently of the email. 
  • Confirm banking changes through an established secondary verification process. 
  • Carefully review sender email addresses for subtle variations or misspellings. 
  • Do not assume logos, signatures, or familiar language guarantee legitimacy. 
  • Report suspicious emails immediately to ETS. 

Remember: When in doubt, verify before you act
Cybercriminals rely on trust, familiarity, and urgency to convince victims to bypass normal verification procedures.  

Taking a few extra moments to validate a request can prevent significant financial and operational impacts. If you receive a suspicious email or believe you may have encountered a phishing attempt, please report it immediately to ETS. 

Thank you for your continued support as we enhance our services to better serve the Howard University community. 

Categories

Tech Tuesdays