Reading time: 6 mins
8 March 2023
Invoice frauds are an increasingly common form of cybercrime that can affect anyone, from small businesses to individuals. In simple terms, invoice fraud is a scam in which fraudsters pose as legitimate companies in a phishing attempt to get their victims' bank account details. The fraudsters will send fake invoices or email requests to update payment details to trick the victim into providing alternative bank details, which the fraudsters then use to transfer funds. It is important to take steps to protect yourself from this type of fraud and keep your bank account details safe. In this article, we will discuss tips to prevent invoice fraud.
Invoice fraud involves a type of payment fraud that involves a fraudster notifying a company or individual that supplier payment details have changed, and providing alternative bank details to defraud them. The fraudster could be posing as a member of your own firm, or even a genuine supplier, making it difficult to detect the fraud. Funds are often transferred quickly, which can make recovering money from fraudulent accounts extremely difficult.
Invoice fraudsters are often aware of the relationships between companies and their suppliers, and will know the details of when regular payments are due. The fraud may only be discovered when the legitimate supplier follows up on non-payments. Fraudulent letters and emails sent to companies are often well-written, making the fraud difficult to spot without strong operating processes and controls in place. Email addresses are also easy to spoof, or in the case of malware-infected PCs, criminals can access genuine email addresses. Invoice fraudsters will use these methods to dupe individuals and companies to transfer funds into fraudulent bank accounts.
There are several steps you can take to protect yourself from invoice fraud:
Check Payment Requests
Carefully Always check the details of any new or amended payment instructions verbally by using the contact details held on file, and do not solely rely on the new instruction. Fraudsters can imitate email addresses to make them appear to be from a genuine contact, including someone from your own organisation.
Verify Payment Information
If you are suspicious about a request made by phone, call them back on a trusted number. Fraudsters will attempt to pressure you into making mistakes, so take the pressure off by taking control of the situation. Always verify the payment information and contact details with a genuine number published on the supplier website.
Be Cautious with Changes to Bank Details
The process of changing the bank details of someone you are paying should always be treated with extreme caution. Consider setting up a single point of contact with the companies you pay regularly, and apply the same principles to requests from within your own organisation.
Look Out for Suspicious Debits
Look carefully at every invoice and compare it to previous ones received that you know to be genuine, particularly the bank account details, wording used, and the company logo. When making a payment, ensure your invoices quote the full legal or ‘trading as’ name. Consider removing information such as testimonials from your own or your suppliers’ websites or social media channels, as these can help fraudsters identify your suppliers.
Monitor Bank Statements
Regularly monitor your bank statements and check for suspicious debits, such as duplicate invoices, inflated invoices or just simply fake invoices. Create audit trails for payment changes, and conduct regular audits on your accounts.
Educate Your Team
Fraudsters will look for opportunities to exploit any vulnerabilities in your processes. Therefore it is crucial to ensure staff are regularly educated, particularly those that are responsible for making payments. Educate your accounts payable departments to follow proper protocols in processing supplier invoices.
Use Confirmation of Payee
(CoUse Confirmation of Payee (CoP) Alerts Always pay attention to Confirmation of Payee (CoP) alerts. CoP is an industry initiative designed to target Authorised Push Payment (APP) fraud in the UK, particularly impersonation fraud, invoice redirection and new payment fraud. The service enables you to check the name of an account against the sort code and account number and confirm whether or not the account details and account name match.
Report Fraudulent Invoices and Scams
If you receive a suspicious email or fake invoice that appears to be from a legitimate company, forward it to the company's cybersecurity team or IT department for further investigation. If you fall victim to fraud or receive a suspicious payment request, report it to Action Fraud – the police’s national fraud and cyber-crime reporting centre. Even if you've not suffered any financial loss, this will allow the police to analyze trends and help prevent fraudsters from exploiting other companies.
If you suspect you've received a fraudulent invoice or have provided your bank account details to a fraudster, there are steps you can take to protect yourself:
Contact Your Bank Immediately
If you've transferred funds to a fraudulent account, contact your bank immediately. The quicker you alert your bank, the greater the chance of recovering the funds.
Report to Action Fraud
Report the fraudulent activity to Action Fraud by calling 0300 123 2040 or filing a report via their website at www.actionfraud.police.uk. Even if you've not suffered any financial loss, this will help prevent fraudsters from exploiting other companies.
Stay Vigilant
Always remain vigilant and adhere to relevant checks and processes, particularly while working remotely. If you receive a suspicious email that appears to be from your bank or a supplier, forward it to the relevant department for further investigation and delete it from your email account immediately.
Invoice fraud is a serious threat that can lead to significant financial losses. Fraudsters can easily obtain bank account details and impersonate legitimate companies to perpetrate their scams. However, by following the tips outlined in this article, you can reduce the risk of falling victim to invoice fraud. Always check payment requests carefully, verify payment information, be cautious with changes to bank details, look out for suspicious debits, monitor bank statements, educate your team, use CoP alerts, and report fraudulent invoices and scams to protect your bank account details. Stay vigilant, and don't let the fraudsters win.