
Perhaps you’ve heard of the fraud triangle. It posits that the three necessary ingredients for fraud are opportunity, incentive or pressure, and rationalization. That's particularly true for insider fraud, but behind every Business Email Compromise (BEC) attempt is someone who seized an opportunity with the incentive to make money.

This is an excellent framework for understanding fraud, but I would propose another triangle driving a new era of bewildering scams and schemes: cheap, easy, and fast.

The problem with much of the fraud swirling out there right now is that it hits all three corners of that triangle, allowing bad actors to flood inboxes, phones, and other devices with trouble.

Understanding just how cheap, easy, and fast fraud is in 2025—and will be beyond that—helps you understand why comprehensive fraud prevention technology is essential.

 

BEC = cheap, easy, and fast

Fraudsters look at BEC and think it’s easy to do, and for good reason. They send emails, whether highly targeted or in massive waves, and try to get a target to act. That could be as simple as getting them to click a link to infect their machine, or as complex as impersonating a CEO and sending an urgent-sounding-but-fake request to route a payment to a new account. Either way, it’s mostly just sending emails.

As I told my colleague Paul McMeekin on a recent episode of the Payments Podcast, many of us are in our inboxes all day. We are conditioned to respond quickly and helpfully to questions, which can breed over-trust where we move too quickly. Fraudsters using this triangle are aware of that and look to exploit anyone who isn’t discerning and doesn’t take a beat.

I encountered this in a past role, where someone impersonating our CEO emailed the human resources department, requesting a change in payroll for their compensation. The HR representative, believing the CEO wanted to delegate this task, failed to check for any red flags and processed the request. Just like that, money was lost.

Considering this, I have quick advice, and counterintuitively, it’s to slow down. It sounds like a sin in this era of digital communication and same-day business payments, but slowing down is the cheap, easy, and fast way to prevent most fraud attempts.

That’s particularly true with new tools available to bad actors. Artificial intelligence (AI) has potential for fraud prevention, but it’s also making those emails easier to send. AI tools can generate more realistic-sounding emails, research targets, and provide incredibly realistic invoices and receipts to aid fraudsters. In one disturbing example I read about recently on TechCrunch, ChatGPT cheerfully generated rumpled-looking, hyper-realistic photos of receipts, which could be used by unscrupulous employees to defraud companies.

Catching these kinds of fraud requires more than just scrutiny, but scrutiny is still a good start.  

 

Fighting back isn’t easy, but it’s faster and cheaper than the alternative

I mentioned above that slowing down and learning to look for suspicious behavior is the cheapest, easiest, and fastest way to prevent fraud. While it can save you a lot of grief (and money!), it’s not going to prevent 100% of fraud, and it doesn’t happen overnight. So, what can you do to tighten cybersecurity?

 

Educate your team

Education is a must. An employee who takes a beat to consider red flags can prevent a mistake, but what if a CEO’s tone or voice is spoofed? What if the invoice contains no obvious signs to alert the employee before they process payment? In that case, vigilance needs to be supplemented by education. Have fraud experts internally and externally speak to employees, sign your team up for courses with organizations like the Association of Certified Fraud Examiners, and keep up with fraud bulletins from the FBI and news reports.

 

Secure critical information

An even more crucial step is to move communication and handling of sensitive payment and bank account information into a secure portal. Ideally, any approval of payments and changes to a vendor or internal account number would have to be secured by multi-factor authentication, which keeps bad actors out and forces your team to slow down.

A secure portal and B2B payments network like Bottomline’s Paymode, where every member business is validated, is a sensible choice. A bad actor will find it extremely hard to gain access and, where bank account changes are protected by multiple layers of security and monitoring, it becomes extremely difficult to rush a change through. The employee gets the time to think about the change and a secure partner can put roadblocks in the way of any fraud attempts that prey on that cheap, easy, and fast triangle.

 

Protect your technology

You don’t want a member of your team clicking a link and inadvertently handing over control of their cell phone to a fraudster. I encourage every business to lock down company phones with SIM card PIN codes that make accessing them more difficult, email domain verification to help weed out fraudulent emails, and multiple layers of authentication on everything from emails and portals to phone voicemail inboxes.

Remember, fraudsters are almost always looking for an easy win. Adding one more hurdle is a great way to slow or stop them altogether.
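
As an added illustration (not from the original article and not any vendor's code), here is one way a mail-screening step could apply email domain verification to the CEO-impersonation pattern described earlier. It assumes that "domain verification" means the DMARC verdict the receiving mail server records in the Authentication-Results header; the company domain, executive name, flag names, and sample messages are all constructed for the example.

```python
from email import message_from_string
from email.utils import parseaddr
import re

# Assumed values for illustration; replace with your own domain and executives.
COMPANY_DOMAIN = "example.com"
EXECUTIVE_NAMES = {"jane doe"}

def domain_of(header_value):
    """Return the lower-cased domain of an address header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def bec_flags(raw_message):
    """Return reasons to hold a message for out-of-band verification."""
    msg = message_from_string(raw_message)
    flags = []
    display_name, _ = parseaddr(msg.get("From", ""))
    from_domain = domain_of(msg.get("From"))
    # 1. Executive display name on an address outside the company domain.
    if display_name.strip().lower() in EXECUTIVE_NAMES and from_domain != COMPANY_DOMAIN:
        flags.append("executive-name-external-domain")
    # 2. DMARC verdict; trust only the header stamped by your own mail server.
    auth = " ".join(msg.get_all("Authentication-Results", []))
    verdict = re.search(r"\bdmarc=(\w+)", auth, re.IGNORECASE)
    if verdict is None or verdict.group(1).lower() != "pass":
        flags.append("dmarc-not-pass")
    # 3. Replies silently routed to a different domain than the sender's.
    reply_domain = domain_of(msg.get("Reply-To"))
    if reply_domain and reply_domain != from_domain:
        flags.append("reply-to-domain-mismatch")
    return flags

# Constructed sample messages (not real traffic).
SPOOFED = """\
From: "Jane Doe" <jane.doe@examp1e-mail.test>
Reply-To: ceo.office@freemail.test
Subject: Urgent: update my payroll account
Authentication-Results: mx.example.com; spf=pass; dmarc=none header.from=examp1e-mail.test

Please change my direct deposit today.
"""
GENUINE = """\
From: "Jane Doe" <jane.doe@example.com>
Subject: Q3 planning
Authentication-Results: mx.example.com; spf=pass; dkim=pass; dmarc=pass header.from=example.com

See you Thursday.
"""
```

A message that returns any flag is a candidate for the slow path: hold it and verify the request through a separately looked-up phone number before anything changes.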

 

Pick up the phone

The final piece of advice that I have is to counter fast, easy, and cheap with old-school verification. It’s annoying for any of us to have to look up a number in the system and make a phone call to verify that someone is asking for that bank account change, and the generation entering the workforce right now might have very little comfort with doing so.

But it’s still the most reliable way to confirm that your CEO really does want you to deposit his check in an entirely different account, eliminating the risk that the email you’re replying to is fraudulent. Remember never to call the number on a suspicious email or take an angry but odd-sounding phone call at face value; look up your CEO’s number and dial it directly. The annoyance they might feel if the request is legitimate pales in comparison to the anger they’ll feel if a major sum of money is lost.

Given there is little we can do about how cheap, easy, and fast fraud is to execute, it’s incumbent on all of us to slow down and make life difficult for fraudsters to ensure we avoid expensive mistakes. With the right tools and vigilance, we can make the world of business payments a safer place for everyone.