How to reduce invoice fraud risk
Invoice fraud comes in many varieties. In all cases, the fraudsters will request you to change the beneficiary account to their own or send you a fake invoice, and, as a result, redirect the invoiced funds. It is easy for fraudsters to do and comes with almost no risk for them. That is why it is the most popular way of defrauding business. So, be extra vigilant when it comes to changing the beneficiary account.
What happens during invoice fraud?
- As the invoice recipient, you will receive a phone call from the fraudsters pretending to be the invoice issuer, saying that their banking details have changed.
- The fraudsters will request that you make payments to their “new account”. The request often sounds very convincing.
- It is highly likely that the following invoices will also be paid to the fraudsters’ accounts until the real issuer of the invoice realises that their invoices are not paid and contacts you.
Variants of invoice fraud
- Email hack: the fraudsters will hack into the email server of the invoice issuer and send an invoice from their email address, making it virtually impossible for the invoice recipient to identify that it is a request from the fraudsters.
- Lookalike domain: the fraudsters will create a very similar email domain to confuse the recipient. For instance, can you spot the difference between email@example.com and firstname.lastname@example.org? Or between email@example.com or firstname.lastname@example.org?
- Spoof call: Most of the phones today have the caller ID function. But it is possible for fraudsters to “spoof” the caller ID information. The fraudsters will call the invoice recipient with a spoofed phone number after sending a fake invoice, making the recipient believe that they are already in contact with the real invoice issuer, thus a call-back procedure is unnecessary. That is exactly what the fraudster is aiming for. Always call back your invoice issuer on the pre-arranged number.
What precautions can you take?
As an invoice recipient:
- Validate the invoice: check whether you expect the invoice for this amount and check if the issuer’s details are unchanged compared with previous payments.
- When you receive a change request, check the spelling and layout. Many fraudsters make small errors and inconsistent visual alterations that will give them away.
- Make a phone call to a pre-arranged number to check the validity of the change request. Do not use the number indicated on the request itself or rely on being called by the invoice issuer because you see it on the caller ID. Always call back.
- If you have too many invoice issuers to call back, install call back procedure for the top 10 largest ones to reduce the impact.
- If you do not have a pre-arranged number to call, you can use public sources such as Google or the yellow pages to look up the phone number of your issuer.
- Be extra careful if you are asked to update the pre-arranged phone number.
As an invoice issuer:
- Educate your recipients to always call you back in case of any change request or doubt about the legitimacy of an invoice.
A short phone call can save a lot of money: trust but verify.
Learn more about fraud prevention
Go to our banking safely page or download the leaflet below.