One in ten small businesses aren’t aware of the risk posed by invoice fraud, even though they could lose thousands of pounds.
What is invoice fraud?
Invoice fraud starts with the interception of an invoice. Scammers are often creative in this respect, including:
- Picking up an invoice from your letterbox or the waste paper bin waiting for collection on the street.
- Fishing invoices out of red letter boxes, or even stealing them from postal sorting centres.
- Hacking into your supplier’s IT system. Then they intercept the invoice e-mails and change the account number.
This digital invoice fraud is becoming more and more common. Fraudsters no longer need access to your bank accounts in order to steal money. By hacking into your email, scammers can intercept invoices, changing the payment details of individuals and businesses.
Fraudsters are using phishing emails to steal usernames and passwords, allowing them to hack your personal or business email accounts.
They then troll and monitor your email account for an opportunity to intercept an invoice. For example, when you are purchasing goods and awaiting an invoice on email, or if your business is sending an invoice by email.
The scammers intercept an email, change the bank details on the invoice and send it on for payment. In many cases, they use spoofing to make the email address seem credible and trustworthy. Spoofing changes a letter or domain in the email address to make it appear legitimate.
The recipient pays the invoice thinking it comes from a legitimate source, when in fact the money is paid into the scammer’s account.
If you are defrauded in this way, your supplier would be entitled to pursue you for the payment they haven’t received, so you could end up paying out twice. These funds are recovered in only a minority of cases.
How to protect yourself
Here are some tips to help you prevent this fraud:
- Let current and new clients know that your banking details will never change. If they receive any correspondence announcing a change in bank details, advise clients to contact you and verify your banking details before they pay.
- Pay attention to the date the invoice was sent and the date you received it. Be wary if the invoice has been ‘on the road’ for a period of time. A week or more is suspicious. It could mean that the real invoice has been intercepted and tampered with.
- You can also consider leaving your bank details off your invoices and calling clients to give them this information instead.
- If you are supplying banking details, do not email invoices with bank details. Instead, give your banking information directly over the telephone.
- If you have staff who process your invoices for you, make sure they’re aware of the warning signs of scams and remind them to raise any concerns about unexpected payment requests or changes to supplier information.
- Run a simple check whenever you are asked to change a supplier’s payment details. Call your supplier using the original contact details they provided to double-check that bank account and invoice details have genuinely been changed. It could save a lot of money and trouble.
- Get protection – Security Everywhere’s Email Security service removes 99% of attacks before they reach your inbox and quarantines the rest while our security specialists clear them of risk.
If you’ve any questions or concerns about invoice fraud or cyber security, please get in touch.
We are happy to help!