Channel warned to watch out for fake invoice scam

Fraudsters are targeting SMEs with a fake invoice scam as they look to gain funds illegally from hard working businesses

Running a small business can be hard enough just keeping the wages paid and the tills ringing but it is often made harder because of the actions of criminals.

The channel is being warned to keep a lookout for fake invoices after the number of scams has increased significantly in the first half of this year.

Fraud prevention specialists Cifas and Action Fraud have noted that already 749 firms have been victims of fake invoices, which is more than  the 603 that occurred in 2014.

With some SMEs unlikely to have reported themselves as being victims the true extent of the crime is probably even higher than the official figures show.

The way the fraud happens is that fraudsters phone up pretending to be from a supplier and request a change to the invoice details. Once the address and payment details have been amended it can take a while for the SME to realise that they have been sending payment to a criminal.

Sometimes the fraudsters have used the information provided by friendly sales staff to add to the flannel they use to convince the accounts department that they are from a genuine invoice.

Simon Dukes, chief executive, Cifas said that anyone dealing with financial matters or discussing supplier relationships needed to be aware of the fake invoices scam.

Tips for businesses to protect against invoice scams

1. Ensure all staff, not just finance teams, know about this fraud

2. Never respond to the contact details provided by someone requesting changes to financial details. Instead, use established email and telephone contacts to check that any request has come from the genuine supplier.

3. Always review invoices to check for inconsistencies/errors, such as a misspelt company name.

4. Where possible establish at least two specific points of contact with suppliers so that all invoice changes can be confirmed with both contacts.

5. Contact suppliers for payment of larger invoices in advance of making payment to ensure that payment is made to the correct bank account.

6. Consider what information is publicly available about your business and whether it needs to be public.

7. Never leave invoices unattended in the office or on a desk.

8. Ensure your computer systems are secure and antivirus software is up to date.

“Fraudsters often take advantage of organisations with less resources and less staff leaving small businesses more vulnerable to fraud. We know greater awareness is a powerful tool in fraud prevention and we urge small businesses to stay alert and to ensure their employees are aware of invoice fraud too,” he said.

The need for more education about the potential dangers of the latest sam were also called for by head of Action Fraud Pauline Smith.

“It is important that employees are made aware of invoice scams and are ready to recognise the signs of fraud. Incidents of invoice fraud are underreported and therefore it is difficult to know the true scale of this fraud type, however what we do know, is that this type of fraud prevails across all types of business and no one type of industry is immune,” she said.

Others in the security industry have also noticed an increase in the volume of fraud attempts targeting the SME sector.

"Research reported in the 2015 edition of Proofpoint's annual cybercrime report, the Human Factor, tends to confirm this report, citing a significant increase in business attacks, with fake invoices and voicemail attachments among the top lures,” said Kevin Epstein, vice president of advanced security and governance at Proofpoint.

“This is yet further confirmation that the human factor remains the weakest link in many security profiles - and that use of attachments and macros continues to exploit that weakness,” he added.

MicroScope+

Content

Find more MicroScope+ content and other member only offers, here.

Read more on Finance and Credit

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

ComputerWeekly

SearchITChannel

Close