
Invoice fraud – How to spot them and how to stop them

November 04, 2024

It’s a typical Thursday afternoon in the office and you’ve just had your 3:00pm coffee.

An invoice from a familiar supplier lands in your inbox.

“Great, I’ll pay it now and tick it off my to do list” – wait!

Are you sure it’s legitimate? You might be about to get scammed.

 

Cybercrime is evolving, and invoice fraud is one of the fastest growing threats, using phishing, business email compromise (BEC), and other tactics to manipulate invoices and steal funds. In this article we’ll explore the techniques fraudsters use and the steps you can take to help protect your business.

 

BEC or CEO?

Have you ever received an email from your CEO, but something doesn’t feel quite right? It could be a case of business email compromise (BEC). That’s where a cybercriminal compromises the email account of a company’s CEO and sends an urgent email to the finance department requesting an immediate transfer of funds.

BEC is a sophisticated type of attack that manipulates business processes. Cybercriminals often impersonate high-level executives or trusted suppliers, tricking employees into transferring funds to fraudulent accounts. By gaining unauthorised access or spoofing email addresses, scammers send fake invoices that appear genuine, leading to significant financial losses.

 

Early bird doesn’t catch the worm

Fraudsters often create a false sense of urgency to pressure employees into paying fraudulent invoices without double-checking the details. They might offer early payment discounts to rush payments through, making it harder to detect errors. If a payment request feels uncomfortably urgent or aggressive, it’s a potential red flag for fraud.

 

It’s in the detail

One of the easiest tricks fraudsters use is altering small details like email addresses or banking information. For example, a minor change in the domain name – such as replacing .com with .co.uk – can go unnoticed by a busy employee. Once the fraudulent invoice is approved, funds are transferred to the fraudster’s account, and by the time anyone realises, it’s too late. Fraudsters can even infiltrate accounting or Enterprise Resource Planning systems to submit fake invoices through legitimate processes, making detection even more challenging.

 

Impersonating vendors – a perfect timing scam

Cybercriminals often impersonate vendors or suppliers that your business regularly deals with. They mimic invoice formats and even time their scams around real purchases or deliveries to avoid suspicion. By using social engineering, they gather detailed information about your billing processes, clients, and vendors, making their fake invoices incredibly convincing.

 

Case study

A construction firm employee fell victim to a phishing scam after receiving a fake email from “Microsoft” asking him to verify his Office 365 account details. Unknowingly, he had handed over his credentials to a fraudster. The firm had not implemented multi-factor authentication (MFA), allowing the fraudster to remotely access the employee’s email account. The employee, a project manager, regularly handled invoices from subcontractors.

A few weeks later, the fraudster intercepted an email from a subcontractor requesting payment for £93,425. The fraudster set up email forwarding rules to hide genuine emails from the subcontractor, and created a nearly identical email address impersonating the subcontractor’s Managing Director.

The fraudster then sent an email to the project manager, claiming the subcontractor had changed bank accounts and attached a new invoice with updated payment details. The finance department, failing to verify the change, transferred the £93,425 to the fraudster’s account**.

 

“Never take invoice payment details at face value. Always check any changes to bank details verbally via a phone number unassociated with the invoice you are looking at”

– James Bishop, Cyber Expert, Macbeth Insurance Brokers

 

So how can I fight the fraud?

#1  Call back procedures – Anytime a new payee account is set up or account details are changed, it’s best practice to verify the request by calling the person or company using a pre-certified phone number. This simple step can drastically reduce the risk of falling for fraudulent requests.

#2  Multi-factor authentication – MFA adds an extra layer of security for web-based email accounts by requiring verification steps like a code generated by a mobile app. This can prevent cybercriminals from easily accessing a company’s systems, reducing the risk of BEC and invoice fraud.

#3  Employee Training – Humans are often the weakest link in cybersecurity. Companies should regularly train employees to recognise invoice fraud tactics and conduct phishing tests to prepare them for real-life attacks. Awareness and vigilance can significantly lower the risk of fraud.
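For finance teams that want a system check alongside these steps, the sketch below holds an invoice for a call back when the sender's domain is a near match for the supplier on file (the .com to .co.uk swap described earlier) or when the bank details differ from the verified record. It is an added example, not part of the original article; the supplier record, domains, bank details and the short suffix list are all constructed assumptions.

```python
from typing import NamedTuple

class Vendor(NamedTuple):
    """Verified supplier details already on file (constructed fields)."""
    name: str
    email_domain: str
    sort_code: str
    account_number: str

# Constructed sample record, not a real supplier.
VENDOR = Vendor("Example Subcontractor Ltd", "acme-build.com", "12-34-56", "12345678")

# Assumption: a real deployment would use the full Public Suffix List.
MULTI_SUFFIXES = ("co.uk", "org.uk", "com.au")

def split_domain(domain):
    """Return (name, suffix), e.g. 'acme-build.co.uk' -> ('acme-build', 'co.uk')."""
    domain = domain.lower().strip(".")
    for suffix in MULTI_SUFFIXES:
        if domain.endswith("." + suffix):
            return domain[: -len(suffix) - 1].split(".")[-1], suffix
    parts = domain.split(".")
    return (parts[-2] if len(parts) > 1 else parts[0]), parts[-1]

def edit_distance(a, b):
    """Levenshtein distance, used to catch one- or two-character swaps."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def screen_invoice(vendor, sender, sort_code, account_number):
    """Return the reasons an invoice must be held for a call-back check."""
    reasons = []
    sender_domain = sender.rsplit("@", 1)[-1].lower()
    if sender_domain != vendor.email_domain:
        name, suffix = split_domain(sender_domain)
        known_name, known_suffix = split_domain(vendor.email_domain)
        if name == known_name:
            reasons.append(f"lookalike domain: .{suffix} instead of .{known_suffix}")
        elif edit_distance(name, known_name) <= 2:
            reasons.append(f"lookalike domain: {sender_domain}")
        else:
            reasons.append(f"unknown sender domain: {sender_domain}")
    # A genuine but compromised mailbox passes the domain check, so changed
    # bank details are always held, whoever appears to have sent them.
    if (sort_code, account_number) != (vendor.sort_code, vendor.account_number):
        reasons.append("bank details differ from vendor record")
    return reasons
```

An empty list means the invoice matches the record on file; any entry means payment waits until the call back in step #1 has been completed.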

 

And if the worst happens?

A cybercrime extension on your existing cyber policy can help recover losses caused by cyber-enabled invoice fraud. These policies may cover financial loss, legal expenses, regulatory investigations, and crisis management costs. In the ever-evolving world of cyber threats, it’s crucial for businesses to have adequate cyber insurance coverage tailored to their operations. While risk management measures can reduce exposure, it’s impossible to completely eliminate the risk of fraud. Cybercrime insurance acts as a safety net, providing financial recovery when scams slip through your defenses.

 

Why every business needs Cyber Insurance

Almost every modern business has some form of cyber exposure, even if it doesn’t rely heavily on digital operations. In the above-mentioned case study, a construction firm – far from a tech-centric business – was defrauded out of £93,425 with a single compromised email account. However, thanks to having cybercrime cover, the company was able to recover its losses. By understanding the risks and implementing proactive strategies, businesses can protect themselves from the growing threat of invoice fraud.

 

Would you know what to do if the worst happened?

Speak to our cyber expert James Bishop today on 0118 916 5480 and risk less.

 

**CFC subcontractor scam case study

Invoice fraud is a rapidly growing cyber threat. Are you prepared?

Call us on 0118 916 5480
