How to spot a dodgy invoice every time
Putting in place five simple procedures to track, check, and match crucial details will leave fraudsters with fewer chances to profit.
Invoice fraud, also known as “false billing”, happens when criminals redirect payment of your outstanding invoices to a fraudulent bank account via fake invoices, employee or supplier impersonations or invoice manipulation from an email hack.
Anyone can fall victim to invoice fraud. Australian businesses lost $277 million to payment redirect scams in 2021, according to the ACCC. However, understanding how it happens and putting security in place can minimise the risks.
Subtle opportunists
Fraudsters are opportunists — they spot vulnerabilities in accounts payable processes to defraud organisations. It works like this: a fraudster sends an invoice to your business via email. The email will typically have an invoice attached detailing the purchase order and payee details. These emails and invoices may seem genuine but there are intricate details that accountants or office administrators can miss.
For example, the email address could look like it is from a legitimate supplier, but the fraudsters have replaced an “o” with the number “0”. Or the invoice attached may have a malicious link that could infect your organisation’s network.
Within the content of the email, the fraudster will provide a new bank account number and request that all future payments be processed to that account. Once this happens, it is already too late. The scam is often detected when the original supplier asks why they have not been paid.
Types of invoice fraud
- False, inflated or duplicate invoices
Inflated or duplicate invoices are a huge nuisance to accounts payable departments. Fraudsters love this tactic because it is easy and with the right timing, organisations may be paying twice or paying at an inflated price. In addition, fraudsters may collaborate with a malicious insider in the organisation to carry out other fraudulent activities.
- Third-party supplier or vendor impersonations
Fraudsters understand that employees are much more likely to reply to a genuine supplier instead of unknown individuals. So they impersonate a supplier by changing their email address, copying the company logo, and using the supplier’s personal information.
- CEO/CFO fraud
In this scheme, fraudsters impersonate executives, sending fake emails authorising urgent payments. This type of invoice fraud can be tricky and manipulative, especially to accounts payable clerks who are not properly trained and are unsure what to do.
Detecting invoice scams
Always stay alert when scanning through an invoice. To ensure you do not fall victim to invoice fraud, make sure to double-check the following details on the invoice:
- Email addresses
- Contact information
- Invoice number and purchase order
- Dates
- BSB and account number
- Company information and logo
- Goods and services
- Speed of payment
Put procedures in place
Once you understand how this type of fraud works it is essential to establish procedures to protect your organisation from invoice fraud.
- Establish call-back procedures
If you suspect fraudulent activity or notice changes on an invoice, immediately contact the supplier or vendor. By conducting a call-back you can verify that the banking details or other information are correct.
- Set up two-factor or multi-factor authentication
By setting up two-factor or multi-factor authentication on your email, you can prevent fraudsters from hacking your email accounts. You can also avoid becoming a target of fraudsters who may want to use your email to defraud your clients. According to Microsoft, MFA can prevent 99.9 per cent of attacks.
- Track invoice activity
When you track each invoice and every update made to it, you will be able to notice the changes that occur. Changes in the frequency of invoices or the description of items are things to keep an eye out for. Such changes may seem suspicious, or they may look legitimate. Either way, you should always double-check with the supplier to make sure.
- Employ three-way matching
This allows you to verify a supplier invoice by matching the invoice to the purchase order and the receipt of goods. The primary purpose is to prevent fake or fraudulent invoices from being paid.
- Double check BSB and account number
Finally, it is crucial to ensure payee details such as the BSB and account number are accurate. A slight change may be enough to fool you. Fraudsters are known for requesting changes in payment details. Always verify the payee’s information before finalising payments.
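The matching and payee checks in the procedures above can be combined into one pre-payment screen. The following Python sketch is an added example, not from the original article or from any accounts payable product: it performs the three-way match, compares the BSB and account number with the verified vendor record, and flags duplicate invoice numbers. All records, names and bank details are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Invoice:
    number: str
    supplier: str
    po_number: str
    quantity: int
    amount_cents: int
    bsb: str
    account: str


# Constructed records standing in for purchasing, receiving and vendor master data.
PURCHASE_ORDERS = {"PO-1001": {"supplier": "Acme Tools", "quantity": 10, "amount_cents": 250_000}}
GOODS_RECEIPTS = {"PO-1001": {"quantity": 10}}
VENDOR_BANK = {"Acme Tools": ("000-001", "12345678")}  # verified by call-back
PAID_INVOICES = {("Acme Tools", "INV-0041")}


def screen_invoice(inv: Invoice) -> list:
    """Return the reasons to hold an invoice; an empty list means every check passed."""
    holds = []
    po = PURCHASE_ORDERS.get(inv.po_number)
    receipt = GOODS_RECEIPTS.get(inv.po_number)
    # Three-way match: invoice against purchase order against receipt of goods.
    if po is None or po["supplier"] != inv.supplier:
        holds.append("no matching purchase order")
    else:
        if inv.amount_cents > po["amount_cents"] or inv.quantity > po["quantity"]:
            holds.append("invoice exceeds purchase order")
        if receipt is None or receipt["quantity"] < inv.quantity:
            holds.append("goods not received in full")
    # Payee details must equal the verified vendor record, digit for digit.
    if VENDOR_BANK.get(inv.supplier) != (inv.bsb, inv.account):
        holds.append("bank details differ from vendor record")
    # The same invoice number from the same supplier has already been paid.
    if (inv.supplier, inv.number) in PAID_INVOICES:
        holds.append("duplicate invoice number")
    return holds
```

Any non-empty result should stop the payment until the supplier has been contacted on a phone number already on file, not one taken from the invoice or email.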
The bottom line
Statistics demonstrate that invoice fraud is a serious problem. Threats can come in all forms and target a variety of individuals such as employees, executives and vendors.
With large batches of invoices coming into a business each quarter, accounts payable departments are too buried in paperwork and workflows to be worried about preventing invoice fraud.
There’s also a lack of awareness and investigation — but the bottom line is that organisations need to be aware and act against invoice fraud in order to avoid this increasing threat.
By double-checking invoices, confirming with suppliers, strengthening internal controls, and applying security software, you can significantly minimise the risk.
Gerard Mondaca is community security manager at Eftsure.