Everyone is at risk of fraud. Scammers are using increasingly sophisticated ways to deceive and steal from us and unfortunately no business or person has guaranteed protection.
One methodology used by fraudsters is Invoice Fraud, which is also known as Invoice Redirection Fraud, and it usually involves a fraudster impersonating a worker or supplier, claiming their banking details have changed and providing you with alternative ones to use. This is usually followed up by an urgent request for payment, or a sudden need to close their account.
This widespread crime, which is an on-going challenge for CFOs and finance professionals, cost UK businesses almost £93M in 2018 (Fraud Advisory Panel, 2019). The reason this type of fraud is so popular with fraudsters is because it can involve high amounts of money being transferred quickly, explaining this alarming figure.
Invoice Fraud typically occurs via email, and for large companies who handle hundreds of vendors and invoices, it can be easy for fraudsters to slip in a fake invoice without being caught. Companies who publicly share their commercial relationships and personal contact details are especially vulnerable to Invoice Fraud as this information is readily available to fraudsters, allowing them to target particular individuals (such as CFOs) or specific business areas.
However, Invoice Fraud does not discriminate by company size or sector. Both small and large companies of any kind can fall victim to this crime. It can often be very difficult to identify fraudulent invoices or emails as fraudsters normally put in a lot of effort to ensure that these appear realistic due to the high potential pay-out. Fraudsters will copy names, logos, email addresses, colours and fonts to the best of their ability so that their message looks legitimate.
It is therefore important that we know everything we need to know in order to block these attacks.
Protective measures that you and your company can take are:
- always check payment arrangements directly with the supplier
- carefully scrutinise any invoices you receive, send confirmations
- send small first-time payments to a new account
- check balance statements regularly
- never leave sensitive information in full view
- trust your instincts. If you feel uneasy, pressured or unsure – trust how you feel and triple check
If fraudulent activity is detected, the following actions should then be taken:
- do not make the payment
- report the matter to your bank
- alert the real supplier/colleague so they can inform others of the attack
- make sure the fraudulent account details are not listed for any of your other suppliers
- check online to see if the IP address used for spoof emails has prompted other reports of abuse
- report concerns to Action Fraud (England, Wales, Northern Ireland) or Police Scotland (Scotland)
- make sure your other payments have not been compromised
- improve controls and protection where possible and/or necessary
Anyone can be targeted by Invoice Fraud, but anyone can learn how to identify it, stop it and report it.
Spread the word and let’s keep #beatingfraudtogether.
- UK businesses lose around £9 Billion annually because of invoice fraud (Skill Cast, 2020).
- 43% of businesses are unaware of the existence of invoice fraud (Skill Cast, 2020).
- There were 3,280 invoice and bank mandate scam cases involving businesses over the year with an average loss per case of more than £28,000 (Skill Cast, 2020).
- Invoice and mandate scams were the third most common type of APP scam in 2018, however they resulted in the largest share of losses at 35 per cent, totalling £123.7 million.
- Tech Republic found that in the 3rd quarter of 2020 the median number of BEC (Business Email Compromise) attacks received per company each week rose by 15% from the previous quarter (Abnormal Security BEC ReportQ3 2020). Abnormal Security report
- Attacks that employed invoice or payment fraud jumped by 155% (One Pay Solutions, 2020).
- A survey by KMPG determines that internal and external audits only have 57% chance of catching fraudulent activity.
- Financial Fraud Action UK has warned companied to check twice or pay the price.