Invoice fraud is a serious and growing problem. Should you be worried about invoice fraud?
Businesses without robust fraud prevention systems are particularly vulnerable, and the risks to the accounting departments of smaller businesses are far greater than those experienced by larger organisations.
Invoice fraud is now one of the most commonly used forms of digital fraud directed against businesses, with over half of businesses now seeing invoice fraud as their single biggest threat.
But surely, while common, invoice fraud is for small things like office paper or pens, right? Unfortunately, that is not the case. Businesses often find themselves paying quite large sums of money to invoice fraudsters, with little or no hope of ever recouping the money.
And once the fraudsters have the money, they very quickly wire it out of the country. So, even if the fraudulent activity is identified immediately after the payment is made, it’s often too late. That’s why it is extremely important to prevent invoice fraud in the first place.
Most cases of invoice fraud don’t take the form of cyber hacking or anything as complex. Instead, fraudsters use social engineering: they take advantage of human nature by exploiting poor training, policies and checking.
With that in mind, our goal with this article is to offer several ways you can prevent invoice fraud from happening in the first place. These prevention tactics rely mostly on best operating practices that can be implemented into your business.
Fraud Tactic #1: They’ll Invoice You From a Fake Email Address
This relatively simple method of invoice fraud relies on two things:
This method of supplier invoice fraud will involve researching your business. Things to figure out:
Then they’ll create a fake invoice for a thousand pounds or so. The email will claim the invoice is 90 days late and must be paid immediately, adding to the stress level of your accounting team (especially if you legitimately have many unpaid invoices to catch up on).
Let’s say you normally order supplies from Paper and Pens Co. Their email domain is email@example.com.
The fraudsters might email you from…
Or some other similar variation of the normal email address.
Here are several ways to prevent fake email fraud:
Fraud Tactic #2: They’ll Hack a Legitimate Company Email Address and Invoice You
This is a more difficult form of fraud for people to pull off successfully. It is also a more challenging form of fraud for your team to defend against, as it’s less obvious. If you receive an email from firstname.lastname@example.org, many internet-savvy people will say, “That’s not right since no legitimate company uses Gmail as their company email provider without attaching the business domain name to the end.”
However, what if your team receives an email from email@example.com asking for a payment? Fraudsters carry out this form of deception by getting the email passwords for a company’s official accounts in some way. They may do this through keylogging (installing software that records keystrokes and sends them to a third party) or social engineering of some kind.
Point is, just because the invoice comes from a “safe” email account doesn’t mean you can let your guard down.
However, there is some good news: even if a fake invoice reaches you from a company’s real email address, any payment you make would still go to the legitimate company in question. That is, you already have a “safe” bank account or credit card that you make payments to.
Even if fraudsters have a company’s email account, they’ll need to give you a new payment option before they can profit from their exploits. Which brings us to our third (and final) form of fraud…
Fraud Tactic #3: They’ll Ask You to Change Where You Pay a Company’s Invoices
This is the most crucial form of fraud to be aware of, because it is where your money is actually taken from you. The other forms of fraud are just setups – this is the final blow. Typically, an organisation is contacted by someone claiming to be from a company they work with, informing them of a bank account or office location switch, and that future invoices should be redirected.
This form of fraud is particularly nefarious because you may not realize it at first. It’s possible for weeks to go by and multiple payments to be made before your team realizes they’re being deceived.
And the office change in question may be legitimate. Maybe your supplier actually did set up a new office location, but the person on the phone or sending the email might not be from your supplier.
This is the most important type of fraud to prevent.
Here’s how you can prevent “change of location” fraud:
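One control that covers tactics #1 to #3 together is to check every incoming invoice against a vendor master file before it can be paid. The sketch below is an added example, not part of the original article; the vendor record, the `paperandpens.example` domain, the account numbers, the free-mail list and the 0.8 similarity threshold are all constructed assumptions.

```python
from difflib import SequenceMatcher

# Constructed vendor master file: the sender domain and bank account that were
# verified when the supplier was onboarded (all values are placeholders).
VENDORS = {
    "Paper and Pens Co": {
        "domain": "paperandpens.example",
        "account": "GB00 TEST 0000 0012 3456 78",
    },
}
FREE_MAIL = {"gmail.com", "outlook.com", "yahoo.com"}  # assumed short list


def sender_domain(address):
    """Lower-cased domain part of an email address."""
    return address.rsplit("@", 1)[-1].strip().lower()


def normalise(account):
    """Ignore spacing and case so only real account changes are flagged."""
    return "".join(account.split()).upper()


def check_invoice(vendor, sender, payee_account, threshold=0.8):
    """Return reasons to hold the invoice for out-of-band verification."""
    record = VENDORS.get(vendor)
    if record is None:
        return ["vendor is not in the vendor master file"]
    flags = []
    domain = sender_domain(sender)
    if domain != record["domain"]:
        ratio = SequenceMatcher(None, domain, record["domain"]).ratio()
        if domain in FREE_MAIL:
            flags.append("sender uses a free mail provider")
        elif ratio >= threshold:
            flags.append("sender domain is a lookalike of the approved domain")
        else:
            flags.append("sender domain does not match the approved domain")
    # Tactics #2 and #3: a genuine (possibly compromised) mailbox passes the
    # domain check, so the payee account is compared with the one on file.
    if normalise(payee_account) != normalise(record["account"]):
        flags.append("payee account differs from the account on file")
    return flags
```

An empty list means the invoice matches the record on file; any flag means payment waits until someone confirms the details with the supplier using contact details already held, not those in the email.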