Ghost Vendor Fraud
Fictitious suppliers that exist only in your accounting system, created to siphon money to accounts controlled by insiders or external attackers. They don't deliver goods. They don't provide services. They just get paid.
Source: ACFE, industry vendor risk reports
What is ghost vendor fraud?
Ghost vendor fraud is the creation of fictitious supplier records in your accounting or ERP system, designed to route payments to bank accounts controlled by the fraudster. The vendor doesn't exist as a real business. There are no goods delivered, no services rendered. It's a shell designed to look legitimate enough to pass a payment run.
Unlike fake invoice scams where an external party sends you a bogus bill, ghost vendor fraud is almost always an insider threat. The person creating the vendor record is typically someone in your finance or accounts payable team with the access and knowledge to make it look legitimate.
According to the Association of Certified Fraud Examiners (ACFE), billing schemes (which include ghost vendors) are the most common form of occupational fraud, accounting for 22% of all cases. The median loss is significant, and the median detection time is 18 months. That's 18 months of payments flowing to an account that shouldn't exist.
The risk is highest in organisations where one person can create a vendor, submit an invoice, and approve a payment without independent oversight.
How ghost vendor fraud works
Ghost vendor schemes are patient and systematic. The fraudster uses their legitimate access to build a convincing paper trail.
Create the ghost vendor
The insider creates a new vendor record in the accounting system. The name sounds plausible: "National Office Maintenance" or "Metro Consulting Services". They use a PO Box or virtual office address, a prepaid phone number, and a bank account they control.
Submit invoices against the vendor
Invoices are generated for vague, hard-to-verify services: consulting, maintenance, cleaning, IT support. The amounts are kept below approval thresholds or within expected ranges so they don't trigger review.
Approve and process payments
If the insider has approval authority (or the organisation lacks segregation of duties), they approve the invoices themselves. The payments are processed in normal payment runs, blending in with hundreds of legitimate transactions.
Extract and repeat
Money flows to the fraudster's account. The scheme continues for months or years, with the insider adjusting amounts and timing to avoid detection. Many ghost vendor schemes are only discovered during audits, staff changes, or by accident.
Warning signs of ghost vendors
Ghost vendor records often leave traces. Regular vendor master file reviews can catch these patterns before the losses compound.
Vendors with PO Box or virtual office addresses
Ghost vendors rarely use real business premises. Watch for addresses that can't be physically verified or that match the employee's personal details.
No purchase orders or contracts
Legitimate suppliers typically have purchase orders, contracts, or agreed engagement terms. Ghost vendors have invoices and nothing else.
Vague service descriptions
"Consulting services", "maintenance", "professional services" with no specifics. The descriptions are deliberately vague because there's nothing real to describe.
Vendor bank details matching employee accounts
The most direct red flag. If a vendor's BSB and account number match or relate to an employee's personal banking details, that's a serious concern.
Invoices just below approval thresholds
Consistently landing at $4,900 when the approval threshold is $5,000. The amounts are calibrated to avoid triggering management review.
Single-contact vendors
Only one person in the organisation ever deals with this vendor. No one else has met them, spoken to them, or verified their work.
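A vendor master file review that checks for several of these warning signs can be scripted. The sketch below is an added example, not ezyshield's code; the record layout, field names, sample data and the 5% "just below" band are assumptions, and only the $5,000 threshold comes from the text above.

```python
import re
from collections import defaultdict

THRESHOLD, NEAR_BAND = 5000.00, 0.05  # page's threshold; "just below" = within 5% (assumption)
# Constructed sample data; every name, number and field name is illustrative.
EMPLOYEES = [{"id": "E17", "bsb": "062-000", "account": "1234 5678"},
             {"id": "E22", "bsb": "033-001", "account": "87654321"}]
VENDORS = [
    {"id": "V1", "name": "Metro Consulting Services", "address": "PO Box 41, Sydney",
     "bsb": "062000", "account": "12345678", "created_by": "E17"},
    {"id": "V2", "name": "Acme Paper Pty Ltd", "address": "12 Mill Rd, Geelong",
     "bsb": "083-004", "account": "55500011", "created_by": "E22"},
]
INVOICES = [  # (vendor id, amount, purchase order or None, approver id)
    ("V1", 4900.00, None, "E17"), ("V1", 4850.00, None, "E17"), ("V1", 4950.00, None, "E17"),
    ("V2", 1200.00, "PO-881", "E17"), ("V2", 7400.00, "PO-902", "E22"),
]

def bank_key(rec):
    """Normalise BSB + account so formatting differences cannot hide a match."""
    return re.sub(r"\D", "", rec["bsb"]) + ":" + re.sub(r"\D", "", rec["account"])

def review(vendors, invoices, employees):
    """Return {vendor_id: [flags]} for every vendor showing a warning sign."""
    staff_banks = {bank_key(e): e["id"] for e in employees}
    by_vendor = defaultdict(list)
    for vid, amount, po, approver in invoices:
        by_vendor[vid].append((amount, po, approver))
    report = {}
    for v in vendors:
        flags, invs = [], by_vendor[v["id"]]
        if bank_key(v) in staff_banks:
            flags.append("bank_matches_employee:" + staff_banks[bank_key(v)])
        if re.search(r"\bP\.?\s*O\.?\s*Box\b", v["address"], re.I):
            flags.append("po_box_address")
        if invs and all(po is None for _, po, _ in invs):
            flags.append("no_purchase_orders")
        near = [a for a, _, _ in invs if THRESHOLD * (1 - NEAR_BAND) <= a < THRESHOLD]
        if len(near) >= 2 and len(near) / len(invs) >= 0.5:
            flags.append("amounts_just_below_threshold")
        if invs and {ap for _, _, ap in invs} == {v["created_by"]}:
            flags.append("creator_is_sole_approver")  # no segregation of duties
        if flags:
            report[v["id"]] = flags
    return report

if __name__ == "__main__":
    for vid, flags in review(VENDORS, INVOICES, EMPLOYEES).items():
        print(vid, flags)
```

A flag is a prompt for independent follow-up, not proof of fraud: legitimate sole traders use PO Boxes, and small teams often have one approver.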
How ezyshield prevents ghost vendor fraud
A ghost vendor can't pass verification because it doesn't exist. ezyshield checks the real world, not just your accounting system.
ABN/ASIC validation
Every vendor's ABN is checked against the Australian Business Register and ASIC records in real time. Fictitious businesses don't have valid registrations.
Bank account ownership
The bank account must belong to the verified business entity. An employee's personal account won't match the vendor's ABN, and the verification fails.
Identity verification
A real person behind the vendor must complete biometric identity verification. Ghost vendors have no real person to verify.
Ghost vendors can't survive verification
ezyshield checks every vendor against real-world identity, business registration, and bank account ownership. Fictitious suppliers can't pass.