Companies large and small are regularly confronted with invoice fraud. The number of cases has dropped since the awareness raising campaign conducted by Febelfin last year, but the phenomenon has not been outgrown yet. What can you do to avoid paying a false invoice accidentally?
What is invoice fraud?
In invoice fraud, fraudsters get a hold of an invoice sent to you and use it to swindle you. They intercept the document, change the account number and put the falsified invoice back in circulation. The result: you pay the amount owed, but the payment never reaches your suppliers. The swindle comes to light only when the original beneficiary sends a reminder, but in most cases it is already too late by then to recover the amount paid.
Invoice fraud occurs most frequently in paper documents. The fraudsters simply use an old version to issue a falsified invoice. The ideal way to protect your company against this is therefore to switch to electronic invoicing.
Belgian fraud figures for 2018 according to the central hotline for deception, cheating, fraud and embezzlement
- Fraude in online buying and selling – 5.573 reported cases
- Phantom invoices or reminder to pay for non-existing goods or services – 1.252 reported cases
Most frequently used methods
The approach used by fraudsters in invoice fraud is largely the same as in CEO fraud. The methods we come across most frequent are:
- Social engineering: you are the weakest link
With social engineering, the fraudster targets the weakest link of your protection: humans. The fraudster pretends to be someone else, for instance a high-ranking figure in your organization, and convinces the targeted victim to pay the falsified invoice rapidly.
- Spray and pray: sow so far and wide as possible
The fraudster intercepts a large number of invoices, falsifies them with his or her own account number and then sends them out on a mass scale. The aim here is to have a large number of target victims transfer a small sum of money. The fraudsters calculate that companies will not check the account number when small amounts are invoiced.
- Targeted attacks: straight to the target
Targeted attacks are well organized, meticulously prepared operations. The fraudster is after larger amounts also and s/he tries to obtain as much information as possible via the social media and fake telephone calls or e-mails. As soon as they have sent their false invoice, the fraudster will often shift into higher gear with compelling telephone calls or e-mails.
What can you do against false invoices?
As already mentioned: the best defence against invoice fraud is electronic invoicing. If you use the paper variant nonetheless, checking the beneficiary’s account number is the most efficient way to guard yourself against false invoices. Such extra checking is anything but superfluous, especially when large amounts are involved and the account number does not ring a bell!
Never let yourself be hurried into making a payment: there is always enough time to give a phone call and to make sure that the invoice is authentic.
Check the account number. Never use the contact details on the (possibly) false invoice, but dial the telephone number from your CRM. If that number does not tally with the information on the invoice, the first alarm bell should go off.