How to reduce invoice fraud risk
Invoice fraud comes in many varieties. In all cases, the fraudsters will request you to change the beneficiary account to their own or send you a fake invoice, and, as a result, redirect the invoiced funds.
What happens during invoice fraud?
- As the invoice recipient, you will receive a phone call from the fraudsters pretending to be the invoice issuer, saying that their banking details have changed.
- The fraudsters will request that you make payments to their “new account”. The request often sounds very convincing.
- It is highly likely that the following invoices will also be paid to the fraudsters’ accounts until the real issuer of the invoice realises that their invoices are not paid and contacts you.
Variants of invoice fraud
- Email hack: the fraudsters will hack into the email server of the invoice issuer and send an invoice from their email address, making it virtually impossible for the invoice recipient to identify.
- Lookalike domain: the fraudsters will create a very similar email domain to confuse the recipient. For instance, can you spot the difference between email@example.com and firstname.lastname@example.org?
- Spoof call: the fraudsters will call the invoice recipient with a spoofed phone number after sending a fake invoice, making the recipient believe that they are already in contact with the real invoice issuer, thus a call-back procedure is unnecessary. That is exactly what the fraudster is aiming for. Always call back your invoice issuer on the pre-arranged number.
What precautions can you take?
As an invoice recipient:
- Validate the invoice: check whether you expect the invoice for this amount and check if the issuer’s details are unchanged compared with previous payments.
- When you receive a change request, check the spelling and layout. Many fraudsters make small errors and inconsistent visual alterations that will give them away.
- Make a phone call to a pre-arranged number to check the validity of the change request. Do not use the number indicated on the request itself or rely on being called by the invoice issuer. Always call back.
- If you have too many invoice issuers to call back, install call back procedure for the top 10 largest ones to reduce the risk.
- If you do not have a pre-arranged number to call, you can use public sources such as Google or the yellow pages to look up the phone number of your issuer.
- Be extra careful if you are asked to update the pre-arranged phone number.
As an invoice issuer:
- Educate your recipients to always call you back in case any change request or in doubt of the legitimacy of an invoice.
A short phone call can save a lot of money: trust but verify.
Know more about fraud prevention:
Go to banking safely page or download the leaflet below.