With invoice fraud on the rise, it pays to be vigilant and make sure you’re doing everything you can to protect yourself. Invoice fraud can be detrimental to a small business’ cash flow and reputation.
If something doesn’t add up: stop, think and investigate.
Invoice fraud: how it works
Invoicing via email is the usual way to request payment for most businesses. Unfortunately, this has created opportunities for cybercriminals, and invoice fraud is now more common than ever.
Cybercriminals hack into business email accounts and navigate to the ‘Sent’ box to access sent invoices. Hackers can then duplicate the invoices and alter the payment information.
The criminals then use the business’ compromised email to send the customer a fake invoice. This usually comes with an explanation such as, “our bank account is under audit.”
In addition to this, they can send businesses fake invoices from suppliers. If an email account has been compromised, hackers delete the real invoice after copying it, then send the business a fake one with different bank details. This can easily result in large sums of money being lost.
After the money is sent to the fraudulent bank account, the funds can instantly be moved offshore where they are almost impossible to retrieve.
The fraudulent accounts are normally owned by “money mules,” who transfer the funds abroad to the cybercriminals, similar to how drug mules are used to move narcotics over borders. These mules are often victims themselves, having been blackmailed or tricked.
How to protect yourself
Keep your business safe from invoice fraud by following these steps:
- Use a strong password on your email. Throw in as many symbols, numbers and letters as you can bear to remember. We know there is nothing more annoying than not being able to remember a password. But if someone gets into your business email, that could be the end of your business.
- The research clearly states that ‘a strong password is not enough’, because passwords are leaked in data breaches all the time. Use two-factor authentication (2FA, MFA, 2SV) on your email. If your email provider doesn’t offer this, then you should definitely invest the time in switching.
- Pay invoices by credit card, and let your customers do the same. Most invoices are paid using bank transfer, where there is little to no refund protection. When payments are made using credit cards, there is significant refund protection. Furthermore, there are no credit fees if the balance is paid off straight away, and it’s a good way to build your credit score.
- Ask your customers to always verify with you either in person or by phone if they are ever sent an invoice with different bank information.
- If payment is ever made to a fraudulent bank account, immediately report this to the bank. Ensure it’s escalated to the bank’s fraud team. If the bank freezes the fraudulent account before the funds are transferred abroad, you have a chance of getting the money back.
It pays to be vigilant
Cybercriminals are always coming up with new ways to steal your money. Here are some more tips to stop you from becoming a victim:
- If it’s too good to be true, it’s probably not true. Seems obvious, right? Yet the Nigerian Prince scams still steal around a million dollars every year.
- Beware of cold calls. No company will ever ask you for your password in an email or during a phone call, period.
- Check those email domains! Scammers often impersonate Amazon or PayPal, then get you to log on to their ‘fake’ website. If an email does not look perfect, assume it is not from the actual company and check the email domain (the bit after the @ symbol).
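Two of the checks above, confirming changed bank details by phone and checking the sender's email domain, can be partly automated before an invoice is paid. The Python sketch below is an added example, not part of the original article; the supplier name, domain, account number and the 0.8 similarity threshold are constructed assumptions.

```python
from difflib import SequenceMatcher

# Constructed supplier record: details previously confirmed in person or by phone.
KNOWN_SUPPLIERS = {
    "Acme Paper Ltd": {"domain": "acmepaper.example", "account": "12-34-56 00012345"},
}

LOOKALIKE_THRESHOLD = 0.8  # assumed cut-off for "nearly the same" domains


def normalise_account(value):
    """Drop spaces and dashes so a formatting change is not treated as new details."""
    return "".join(ch for ch in value if ch.isalnum()).upper()


def sender_domain(address):
    """Return the bit after the last @ symbol, lower-cased."""
    return address.rsplit("@", 1)[-1].strip().lower()


def screen_invoice(supplier, sender, account, known=KNOWN_SUPPLIERS):
    """Return the reasons to hold payment; an empty list means nothing was flagged."""
    record = known.get(supplier)
    if record is None:
        return ["unknown supplier: verify by phone before paying"]
    flags = []
    domain = sender_domain(sender)
    if domain != record["domain"]:
        similarity = SequenceMatcher(None, domain, record["domain"]).ratio()
        kind = "lookalike" if similarity >= LOOKALIKE_THRESHOLD else "unexpected"
        flags.append(f"{kind} sender domain: {domain}")
    if normalise_account(account) != normalise_account(record["account"]):
        flags.append("bank details differ from record: verify by phone")
    return flags


if __name__ == "__main__":
    # Constructed invoices: genuine, sent from a compromised mailbox, and spoofed.
    print(screen_invoice("Acme Paper Ltd", "billing@acmepaper.example", "123456 00012345"))
    print(screen_invoice("Acme Paper Ltd", "billing@acmepaper.example", "654321 00098765"))
    print(screen_invoice("Acme Paper Ltd", "billing@acrnepaper.example", "123456 00012345"))
```

An invoice sent from a supplier's compromised mailbox passes the domain check, so the bank-details comparison is the one that catches the fraud described in this article.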