Blog
Business email compromise is targeting accounting firms. Here’s how to fight back.
Published Apr 9, 2026 · Updated Apr 13, 2026 · About 5 min read
BEC attacks surged 26% in March 2026, with 10.7 million incidents in Q1 alone — the highest quarterly total on record. Accounting firms handle multiple clients' money, making your vendor payment workflow a high-value target where BEC scams ride in disguised as routine “vendor updates.”
What the attacker is trying to change
- Vendor email domain (spoofed or look-alike sender)
- Bank details (requesting beneficiary changes)
- Invoice details that pressure approvals with urgency
How to stop it with reviewable signals
Vantirs connects to QuickBooks Online and fingerprints vendors based on payment history. When an invoice request doesn’t match historical behavior, the team receives contextual alerts to review before payment runs.
For the control framework, compare BEC vs VEC in accounting firm workflows. To understand how modern attacks are designed to slip through normal approvals, read pre-approved fraud in AP. The highest-risk single event in AP is a vendor bank account change — see the full verification protocol. Note that BEC is no longer email-only: the $36M WhatsApp impersonation fraud is a sign of where attacks are heading. For compliance deadlines, see the NACHA 2026 ACH fraud monitoring requirements.
Next step: protect AP before the wire leaves
Start with QuickBooks fraud prevention or see how invoice fraud detection works.