Invoice fraud can occur in one of two ways;
In order to pull off an invoice scam, the criminal will often hack into the business’ email accounts in order to gain valuable information about the company’s relationships with clients and suppliers. They will look for details of when regular payments are made and when invoices are sent to customers.
Once they have the information they need, they can start to clone invoices and email addresses. They will also look at the way you write and structure your emails and any other information that will help them to impersonate you.
There are two methods a scammer could use to fool your clients. The first method is contacting the client first and requesting that, when they receive their next invoice from the company, they change the bank details to the ones provided as the company has changed who they bank with. This way, the client will receive their invoice at the normal time and from the normal email address so nothing seems out of the ordinary.
The second method is simply sending the client a fake invoice, designed to look exactly like the legitimate one, which features the scammer’s bank account details, phone number and email address. The scammer will say that the company’s banking system has changed which is why they are receiving the invoice at a different time and why the bank details have changed.
The scam is normally detected when you go to chase the payment and your client proves that they have paid. Then you realise that they have sent the payment to a different account and you haven’t been paid for your work.
If the scammer wants to defraud you and not your clients, they will pose as one of your regular suppliers.
In order to do this, they will clone the supplier’s email address and invoices instead. Then, like they would contact your clients, they will send an email to you with the same claim that their banking system has changed therefore you need to change the account details you normally send the payment to.
You will discover the scam when the supplier contacts you about payment. They will tell you that their bank details haven’t changed and you realise you have sent the money to a fraudulent account.
If you are unsure whether you are being targeted, these are some of the steps you can take to detect a scammer;
Every company is vulnerable to invoice fraud, so it is very important to ensure that every member of staff is aware of this.
Following these steps will help you to protect your business from invoice fraud;
Although this is less common than external scammers, there have been cases where staff in authoritative positions have processed fake invoices for personal gain.
To prevent this from happening, you should implement a system where no invoices can be processed without being checked by another person. For example, if your business is vehicle repairs, you could have the engineer approve the invoice for the work carried out, while someone else is responsible for processing the payment.
If you believe you have fallen victim to invoice fraud, you should immediately report it to Action Fraud UK. Action Fraud is the police’s national fraud and cybercrime reporting centre and from there it can be sent to an individual police force for investigation.
You can report fraud on the Action Fraud UK website, or by phoning them on 0300 123 2040.
Unfortunately, after the fraudster has received the payment, they will move or withdraw the money making it very difficult to recover.
Also, as the payment would have been approved with all the correct security passcodes, it is unlikely that the payment would have been picked up by your bank as unusual or suspicious. This means investigations tend to be delayed and very lengthy.
Find it useful? Please share!
LEAVE A COMMENT
Your email address will not be published.
Find it useful? Please share!
Last updated: 12 November 2019 | © KIS Finance 2018 |