How to Spot a Fake Vendor Payment Request at Your Veterinary Practice
It is a normal Tuesday. You open an email that looks like it came from a distributor your practice has ordered from for years. The logo is right, the contact’s name is familiar, and the message is short: the company has changed banks, and the next payment should go to a new account. An invoice is attached. Nothing about it feels wrong, so you pass it along to whoever cuts the checks.
That email may not be from your distributor at all.
What this scam actually is
This is what security people call business email compromise, which is a plain way of saying someone pretends to be a person or company you trust in order to redirect a payment or rush a transfer. There is usually no virus and no broken system. The whole thing runs on a believable message and a busy day.
Veterinary practices make good targets for a simple reason. A clinic trades email with a steady stream of vendors: food and pharmacy distributors, lab and imaging companies, equipment suppliers, the payroll service. Payment details do change from time to time, so a request to update them does not automatically look strange. When the people approving invoices are also running a front desk, fielding calls, and juggling appointments, one more routine-looking email slides right through.
What the fake ones tend to have in common
The goal is almost always money, so watch what the email is asking you to do. A request to change banking information, reroute a payment, or pay an invoice faster than usual deserves a second look, no matter how ordinary it seems.
A few other patterns show up again and again:
- The sending address is close but not exact. A single swapped or missing letter in the domain is easy to miss.
- The reply-to address does not match the company you think you are talking to.
- There is a sense of urgency. The payment is late, the account is on hold, the deadline is today.
- The new account details arrive with little explanation and a polite request to keep things moving.
None of these on their own proves anything. Put together, alongside a request to move money, they are worth a pause.
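For whoever manages the practice's email, here is one way to check a message for these signs together. This is an added example, not part of the original article and not code from any product. The vendor domains, word lists, function names and sample message are assumptions made up for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed: vendor domains already in the practice's records (constructed values).
KNOWN_VENDOR_DOMAINS = {"acmevetsupply.example", "northlab.example"}
PAYMENT_WORDS = re.compile(r"\b(bank|account|routing|wire|ach|remit|payment)\b", re.I)
URGENCY_WORDS = re.compile(r"\b(urgent|immediately|today|overdue|past due|on hold)\b", re.I)

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def domain_of(header_value):
    """Lower-cased domain of an address header, or '' if the header is absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def review_flags(raw_email):
    """Return the warning signs found in one raw message (headers plus body)."""
    msg = message_from_string(raw_email)
    sender, reply_to = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    body = "" if msg.is_multipart() else msg.get_payload()  # plain-text mail only
    text = (msg["Subject"] or "") + "\n" + body
    flags = []
    near = sorted(d for d in KNOWN_VENDOR_DOMAINS if edit_distance(sender, d) <= 2)
    if near and sender not in KNOWN_VENDOR_DOMAINS:
        flags.append(f"lookalike-domain:{sender}~{near[0]}")
    if reply_to and reply_to != sender:
        flags.append(f"reply-to-mismatch:{reply_to}")
    if PAYMENT_WORDS.search(text):
        flags.append("payment-change-language")
    if URGENCY_WORDS.search(text):
        flags.append("urgency-language")
    return flags

# Constructed sample: one letter is missing from the sender's domain.
SAMPLE = """\
From: Acme Vet Supply Billing <billing@acmevetsuply.example>
Reply-To: dana.billing@mailbox.example
Subject: Updated bank details for invoice 1042

We have changed banks. Please send the next payment to the new account. It is due today.
"""
print(review_flags(SAMPLE))
```

A message that raises several flags at once is the kind to hold until someone has confirmed it by phone.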
The one habit that stops most of it
Here is the rule worth posting by every desk that touches invoices: verify any payment change using contact information you already have, never the contact information in the email.
If a message says your distributor switched banks, call the number on a past invoice or the one saved in your records and confirm. Do not call the number in the new email, and do not simply reply to it. A real vendor will not mind a thirty-second confirmation call. The people behind a fake request are counting on you skipping it.
This matters most for the vendors who handle your pharmacy and controlled-substance orders, because those are exactly the accounts a clinic would expect to update and exactly the ones worth impersonating.
Where the technology helps
A good habit is the first layer. A few protections working quietly behind it make the habit easier to keep.
Modern email security can flag messages where the sender is impersonating a known contact, and it can add a small banner marking mail that came from outside your practice, which makes a spoofed internal note stand out. Email authentication, a set of behind-the-scenes settings that help confirm a message really came from the domain it claims, blocks a large share of forgeries before anyone reads them. And having a helpdesk to forward a suspicious email to means staff can ask first instead of guessing.
These are capabilities the VetDPS® standard expects every protected practice to have in place. The point is not a particular product. The point is that the protection exists, it is turned on, and someone is watching it. In a fully managed IT setup, those protections are kept current and monitored, not set once and forgotten.
The takeaway
The email that costs a practice money rarely looks like a threat. It looks like a Tuesday. The defense is not complicated: treat any request to change where money goes as something to confirm out loud, through a number you already trust, and let a few quiet protections catch what slips past. One short phone call is almost always cheaper than the alternative.

