The payment process acts as a critical vulnerability point within global supply chains and often remains underappreciated by finance and security leaders.
Why would cybercriminals bother defeating traditional cybersecurity measures when social engineering tactics can directly manipulate financial transactions? With the rise of AI, phishing attempts are becoming more sophisticated and harder to detect.
As supply chains become increasingly complex, attackers are focusing on exploiting human interactions and third-party relationships during large transactions. This gap is not covered by standard email security measures and can result in significant financial losses for companies.
Analysis of Cybersecurity Threats
The World Economic Forum’s Global Cybersecurity Outlook 2025 identifies the malicious use of generative AI as a top concern for nearly half of global organizations, making it an essential topic at boardroom meetings.
Risk through Social Engineering
Large corporations, from CFOs to finance and accounts payable teams, handle numerous invoices and interact with many vendors. This environment creates opportunities for attackers to insert fraudulent invoices or impersonate executives demanding urgent payments, thereby diverting funds.
Social engineering is the method most cybercriminals use to redirect funds, accounting for 98% of all attacks. These tactics exploit human weaknesses by manipulating individuals to disclose sensitive information or take actions that compromise their and their organization’s security.
According to the Association for Financial Professionals’ 2025 Payments Fraud and Control Survey, 79% of organizations experienced attempted or actual payment fraud in 2024, highlighting the pervasive threat within financial operations.
Tactics and Vulnerabilities
Business Email Compromise (BEC) remains highly effective, with attacks often bypassing traditional email security filters due to their integration into everyday financial processes. However, a shift is observed as vendor impersonation has become more prevalent.
This trend underscores the rise of Vendor Email Compromise (VEC), where attackers exploit trusted third-party relationships to redirect payments. Unlike classic BEC, VEC attacks originate from external sources and are harder to detect because they mimic real communications.
Generative AI exacerbates this issue by enabling sophisticated phishing attempts that can convincingly replicate human voices and video interactions. An example of such an attack is reported in Human Resource Director Magazine, where a finance executive nearly wired $500,000 after interacting with a deepfake of their CFO.
Urgency plays a crucial role in these attacks as messages claiming time-sensitive transactions can trigger immediate action. Additionally, the frequency and scale of financial operations make subtle changes to bank details or payment instructions more likely to go unnoticed.
Protection Strategies
Despite the growing awareness among CEOs about cyber threats, many organizations still underestimate the impact of payment fraud. The World Economic Forum reports that cyber and espionage remain key concerns for one in three executives.
To address these risks, businesses need to adopt comprehensive security measures that extend beyond email protection. This includes investing in end-to-end visibility, cross-functional team alignment, and advanced AI technologies capable of identifying anomalies that traditional tools might miss.
Until companies secure the systems responsible for moving money as effectively as they monitor communications about it, they will remain exposed to hidden cyber threats that could have severe financial repercussions.