Invoice fraud also known as “false billing” is a scam where fraudsters redirect payment of your outstanding invoices to a fraudulent bank account via fake invoices, employee or supplier impersonations or invoice manipulation from an email hack.
Anyone can fall victim to invoice fraud. According to the Australian Competition and Consumer Commission (ACCC), Australian businesses lost $277 million to payment redirect scams in 2021. However, understanding how invoice fraud can happen and implementing security procedures can minimise the risk of fraud.
How Invoice Fraud Can Occur
Fraudsters are known to be opportunists, they spot vulnerabilities in your accounts payable processes to defraud your organisation.
How these scams operate is where a fraudster will send an invoice to your business via email. The email will typically have an invoice attached detailing the purchase order and payee details. These emails and invoices may seem genuine however, there are small details that accountants or office administrators miss.
For example, the email address could look like it’s from a legitimate supplier, but fraudsters may replace an “o” with the number “0”. Or the invoice attached may have a malicious link that could infect your organisation’s network.
Within the content of the email, the fraudster will provide you with a new bank account number and request that all future payments are processed accordingly. The scam becomes successful if the payment is redirected to the new bank account without verifying the bank account details.
Once this happens, it is already too late. The scam is often detected when the original supplier asks why they have not been paid.
Detecting Invoice Scams
Always stay alert when scanning through an invoice. To ensure you don’t fall victim to false billing scams, make sure to double-check the invoice of the following:
- Email addresses
- Contact information
- Invoice number and purchase order
- Dates
- BSB and Account Number
- Company Information and Logo
- Goods and Services
- Speed of when invoice must be paid
Securing Your Bank Account Details
Once you understand how the scam works it’s essential to establish procedures to protect your organisation from an invoice scam.
1. Establishing a Call Back Procedure
If you suspect fraudulent activity or notice changes on the invoice. You should immediately contact the supplier or vendor. By conducting a call-back you can verify that the banking details or information is correct.
2. Setting Up Two-Factor or Multi-Factor Authentication
By setting up two-factor or multi-factor authentication on your email, you can prevent fraudsters from trying to hack your email accounts. You can also prevent being targeted by fraudsters who may want to use your email to scam your clients. According to Microsoft, MFA can prevent 99.9% of attacks on your accounts.
3. Track Invoice Activity
When you track each invoice and update an invoice, you’ll be able to notice all the changes that occur. Changes like the frequency of invoices or description of items are components you should keep an eye out for. These changes may occur and could seem suspicious. It may look legitimate. However, you should always double-check with the supplier to make sure.
4. Employing 3-Way Matching
By conducting 3-way matching you can verify a supplier invoice by matching the invoice to the purchase order and receipt of goods. The primary purpose is to prevent any fake invoices or fraudulent invoices from being paid.
5. Double Checking the BSB and Account Number
Lastly, it’s crucial that you ensure the payee details such as the BSB and Account Number are accurate. A slight change may be enough to fool you. Fraudsters are known for requesting changes in payment details. Always verify before submitting payments.
According to invoice fraud statistics, anyone can fall victim to invoice fraud. Although when you have the correct systems and processes in place you prevent these attacks from happening.
The threat is particularly serious when it comes to AP staff who have access to your organisation’s financial resources and aren’t aware of any invoice loopholes or vulnerabilities.
With Eftsure, whenever your AP team attempts to process a duplicate payment, it will be flagged in real-time, before the payment is processed. This allows you to investigate before finalising payments.
Eftsure ensures that you are processing payments to the correct recipient, by verifying that others have paid the same supplier using a matching BSB and Account Number.
