What is it?
Invoice Fraud is a scam directed at companies conducted by means of social engineering. It often involves imitating the identity of a supplier (usually by email) in order to modify the account number associated with an invoice.
How does it work?
Once they have the information they need, cybercriminals impersonating the supplier contact the company (usually by e-mail) to request a new payment procedure. They provide a new bank account number under their control for the payment of invoices.
If the victim falls into the trap, they will send future payments to the bank account under the control of the cybercriminal instead of to their supplier. Such fraud is often only discovered when the legitimate supplier complains about the non-payment of invoices.
What you can do to prevent invoice fraud in companies
- When you receive a request to change the bank account number of a supplier, contact them by telephone to confirm the change. Call the usual contact phone number you have for the supplier, never the one that appears in the email signature.
- Carefully study each invoice and compare them with previous invoices that you know are genuine. Bank account details, the wording used and the company logo can be used to infer the authenticity of the document.
- Do not rely on certificates of ownership without first verifying their legitimacy with the person who issued them.
- Consider limiting or removing information about customers or suppliers from your company's website and social media accounts. Revealing your employment relationships can be beneficial to your business, but it can also make it easier for cybercriminals to know who to impersonate.
- If you have been a victim of such a scam and you have made transactions to a fraudulent account number, you must urgently inform your bank branch and file an official complaint with the police. You must also contact the supplier to notify them of the scam. The speed with which you react will determine the extent of the damage.
- Never delete emails, telephone records or other documentation provided by cybercriminals. This is proof and may be required for a police investigation.
Invoice fraud is a scam that can affect any type of company. Security awareness among employees is key to minimising risk.