4 December 2018

Fake invoice scams

Let’s face it: fraud is everywhere. Scammers are working hard to try to fool us and take our money, and they’re dreaming up new ways to do it every day.

Invoice fraud is where criminals try to get hold of your hard-earned cash through invoices sent for a product or service that has never been requested or received, or for a payment your business is expecting to make.

Basically, the scam goes something like this: an opportunistic criminal learns a bit about the person or business they want to extract funds from, including their location and the types of vendors they deal with – this information could come from Facebook. There are also instances where scammers have hacked systems or emails to intercept information about legitimate payments. Then, the fraudster impersonates a vendor and sends a request for funds, often with some form of “urgent”, “overdue” or “pay now” message included. They may also request changes be made to the usual billing arrangements.

There are many reasons why a consumer or employee might inadvertently pay one of these fraudulent invoices, but there are things you can do to try and keep your business from becoming a victim of invoice fraud.

Educate yourself and your employees

Staff may be your main exposure to invoice scams, but they are also your best defence. The better informed your valuable employees are, the better protected your company is.

Make employees aware of the possible types of invoicing scams out there. When staff know what to be on the lookout for, you increase your chances of spotting something fishy before it has the chance to catch you.

Here are a handful of ways businesses protect themselves:

  • Staff education: Keep staff updated on the latest threats and the responses you have in place to prevent a breach. Ensure staff are trained never to bypass standard payment approval processes in response to an email or phone call.
  • Ask staff to always confirm that goods or services have been requested and received before paying an invoice.
  • Make sure staff call the supplier using the phone number your company has on file, or from their website or phone book. Don’t use the phone number on the invoice or the email; this will likely be the scammer’s phone number.
  • A sharp eye can save the day: scammers usually can’t get their hands on an original company letterhead or invoice, so they scan a copy. Things like the logo and font won’t appear as clear on a scanned version. Check bank details against previous invoices.
  • A thief may take a legitimate invoice and change information like bank account details or email address.
  • Where possible try to use payment methods that provide consumer protection, such as credit cards and PayPal.

Once payments have been made to dodgy scammers, it is very unlikely that people will be able to get their money back. The usual practice is for the money to go through several locations, making it near impossible to trace.

And scammers are creative. They’re constantly inventing new methods to fool us. The best we all can do is to stay informed, take precautionary measures, and report threats when we find them.

Cyber risk management

It's so important to be proactive and vigilant in protecting your business online, but none of the measures outlined provide 100% security. A key part of any risk management strategy should be to consider cyber insurance. While an insurance policy cannot prevent a breach of your cyber security, it can assist should you suffer one.