Invoice fraud or false billing happens when an outstanding invoice redirects payment to a fraudulent bank account. This can be done via fake invoices, employee/supplier impersonations or invoice manipulation from an email hacker.
Anyone can be a victim to invoice fraud. Australian businesses lost $277 million to payment redirect scams in 2021, according to the ACCC. However, we can minimize the risk by understanding how it happens and putting security in place.
Fraudsters are opportunists — they spot vulnerabilities in accounts payable processes to defraud organisations. It works like this: a fraudster sends an invoice to your business via email, the email will have an invoice attached detailing the purchase order and payee details. These emails and invoices may seem to be normal but there are intricate details that can be missed by the accountants or office administrators.
For example, the email address could look like it is from a legitimate supplier, but the fraudsters have replaced an “o” with the number “0” or the invoice attached may have a malicious link that could infect your organisation’s network.
Within the email, the fraudster will provide a new bank account number and request that all future payments are to be processed. Once this happens, it is already too late. When the original supplier asks for the payments and why are they have not been paid that’s the time that the scam will be detected.
Types of invoice fraud
- False, inflated, or duplicate invoices
Inflated or duplicate invoices are a huge nuisance to accounts payable departments. Fraudsters love this tactic because it is easy and with the right timing, organisations may be paying twice or paying at an inflated price. Fraudsters may collaborate with a malicious insider in the organisation to carry out other fraudulent activities.
- Third-party supplier or vendor impersonations
Fraudsters understand that employees are much more likely to reply to a genuine supplier instead of unknown individuals. They impersonate a supplier by changing their email address, copying the company logo, and using the supplier’s personal information.
- CEO/CFO fraud
Fraudsters impersonate executives, sending fake emails authorising urgent payments. This is a tricky and manipulative invoice fraud, especially to accounts payable clerks who are not properly trained and unsure what to do.
Detecting invoice scams
Always stay alert when scanning through an invoice. Make sure to double check the invoice details of the following:
- Email addresses
- Contact information
- Invoice number and purchase order
- BSB and account number
- Company information and logo
- Goods and services
- Speed of payment
Put procedures in place
Once you understand how this type of fraud works it is necessary to establish procedures to protect your organisation from invoice fraud.
- Establish call-back procedures
If you suspect fraudulent activity or notice changes on an invoice, immediately contact the supplier or vendor. By conducting a call-back you can verify that the banking details or information is correct.
- Set up two-factor or multi-factor authentication
By setting up two-factor or multi-factor authentication on your email, you can prevent fraudsters from hacking your email accounts. You can also avoid becoming a target by fraudsters who may want to use your email to defraud your clients. According to Microsoft, MFA can prevent 99.9 per cent of attacks.
- Track invoice activity
When tracking each invoice and updating an invoice, you will be able to notice all the changes that occurs. The frequency of invoices or description of items are components you should keep an eye out for. It may look legitimate, but always double-check with the supplier to make sure.
- Employ three-way matching
This allows you to verify a supplier invoice by matching the invoice to the purchase order and receipt of goods. The primary purpose is to prevent any fake invoices or fraudulent invoices.
- Double check BSB and account number
Finally, it is crucial to ensure payee details such as the BSB and account number are accurate. Fraudsters are known for requesting changes in payment details. Always verify the payee’s information before finalising payments even on the slightest change.
The bottom line
Statistics reveals that invoice fraud is a serious problem. Threats can come in all forms and target a variety of individuals such as employees, executives and vendors.
With large batches of invoices coming into a business each quarter, there will be a lack of awareness and investigations on accounts payable departments because they are too buried in paperwork and workflows.
The bottom line is that organisations need to be aware and act against invoice fraud to avoid this increasing threat.
You can minimize the risk by double-checking invoices, confirming with suppliers, strengthening internal controls, and applying security software.