NEW CROPPED instasupply logo.png
Ë

Still Paper Pushing Invoices? Switch to an Electronic System Instead

B2B Tech Finance

Invoice fraud is a serious and growing problem. Should you be worried about invoice fraud? 

Businesses without robust fraud prevention systems are particularly vulnerable, with smaller businesses accounting departments being at greater risk to their accounting departments are far greater than those experienced by larger organisations.

Invoice fraud is now one of the most commonly used forms of digital fraud directed against businesses, with over half of businesses now seeing invoice fraud as their single biggest threat.

But surely, while common, invoice fraud is for small things like office paper or pens, right? Unfortunately, that is not the case. Businesses often find themselves paying quite large sums of money to invoice fraudsters, with little or no hope of ever recouping the money.

And once the fraudsters have the money, they very quickly wire it out of the country. So, even if the fraudulent activity is identified immediately after the payment is made, it’s often too late. That’s why it is extremely important to prevent invoice fraud in the first place.

Most cases if invoice fraud don’t take the form of cyber hacking or anything as complex. Instead, fraudsters use social engineering – taking advantage of human nature, through exploiting poor training, policies and checking.

 With that in mind, our goal with this article is to offer several ways you can prevent invoice fraud from happening in the first place. These prevention tactics rely mostly on best operating practices that can be implemented into your business. 

Fraud Tactic #1: They’ll Invoice You From a Fake Email Address

This relatively simple method of invoice fraud relies on two things:

  • A lack of attention to detail
  • Overworked and backed up accounting teams

This method of supplier invoice fraud will involve researching your business. Things to figure out:

  • How big your company is
  • What kind of orders you make (paper supply fraud anyone?)
  • What companies you normally order supplies from
  • What your busy season is/when your accounting team is likely to have many unpaid invoices outstanding

Then they’ll create a fake invoice for a thousand pounds or so. The email will claim the invoice is 90 days late and must be paid immediately, adding to the stress level of your accounting team (especially if you legitimately have many unpaid invoices to catch up on).

Let’s say you normally order supplies from Paper and Pens Co. Their email domain is accounting@paperandpens.com.

The fraudsters might email you from…

  • paperandpensaccounting@gmail.com
  • accounting@paper&pens.com
  • accounting@paperandpens.co

Or some other similar variation of the normal email address.

Here are several ways to prevent fake email fraud:

  • Make sure you have the official invoicing email address on file for each partner and supplier you work with checking the email address with your invoicing emails every time you pay a supplier.
  • Use a platform where you can send electronic POs and receive invoices online. Require suppliers and partners to comply with the requirements so that only the suppliers onboarded on the system can receive/send documents to you. 
  • Create a company culture (at least in the accounting department) that emphasizes doing things the right way instead of doing things the fast way.

    Often, fraudsters are able to succeed because people are cutting corners. This is understandable in the busy season, but it is also very preventable. Don’t let your accounting team down by making them work with old technology and manual data entry. This will only cause confusion, lack of actionable information and overpayments. 

Fraud Tactic #2: They’ll Hack a Legitimate Company Email Address and Invoice You

This is a more difficult form of fraud for people to pull off successfully. That means it’s a more challenging form of fraud for your team to defend against, as it’s less obvious. If you receive an email from paperandpens@gmail.com, many internet savvy people will say, “That’s not right since no legitimate company uses gmail as their company email provider without attaching the business domain name to the end.”

However, what if your team receives an email from accounting@paperandpens.com asking for a payment? Fraudsters carry out this form of deception by getting the email passwords for a company’s official accounts in some way. They may do this through keylogging (installing software that records keystrokes and sends them to a third party) or social engineering of some kind.

Point is, just because the invoice comes from a “safe” email account doesn’t mean you can let your guard down.

However, there is some good news: even if a company sends you a fake invoice from a real email address, any payment you make would go to the legitimate company in question. As in, you have a “safe” bank account or credit card that you make payments to.

Even if fraudsters have a company’s email account, they’ll need to give you a new payment option before they can profit from their exploits. Which brings us to our third (and final) form of fraud….

Fraud Tactic #3: They’ll Ask You to Change Where You Pay a Company’s Invoices

This is the most crucial form of fraud to be aware of, where your money is taken away from you.  The other forms of fraud are just setups – this is the final blow. Typically, an organisation is contacted from someone claiming to be from a company they work with, informing them of a bank account or office location switch, and that future invoices should be re-directed.

This form of fraud is particularly nefarious because you may not realize it at first. It’s possible for weeks to go by and multiple payments to be made before your team realizes they’re being deceived.

And the office change in question may be legitimate. Maybe your supplier actually did set up a new office location, but the person on the phone or sending the email might not be from your supplier.

This is the most important type of fraud to prevent.

Here’s how you can prevent “change of location” fraud:

  • Whenever you change the form of payment or the account details with which you pay a supplier, you must have at least two parties from that supplier confirm the change.
  • Make sure you never change payment details, whether through email or phone, immediately after a supplier says they have a new location. Instead, you must initiate emails or phone calls to multiple people within that new company, asking them for confirmation.
  • Don’t simply confirm the office location change: confirm the exact new bank account where your payments are being routed to.
  • If a company has just called you to ask for a new payment option, wait at least 10 minutes before calling them back. Criminals can “hack” your telephone call and pretend to be the company – regardless of what number you call – if you call within 2-3 minutes of hanging up on the fraudsters.

    Check out our Guide to Invoice Fraud Safety for key steps to take if you uncover fraud within your business.

Free eBook

Guide to Invoice Fraud Safety

Fill out the following form to access the guide.


0
comment(s)