Is Your Business Alert to Invoice Fraud?

Prevent Your Business From Being Scammed

In the US companies are losing an average of $300,000 per business annually to fraudulent invoices.¹ Invoice fraud can take many forms, including duplicate invoices, invoices with goods or services not rendered, or with changed remittance information. This last category is oftentimes the most damaging, as the invoice itself may be legitimate, but the bank account information has been changed to that of a fraudulent entity. 

How does it happen?

Sadly, there are numerous ways criminals use invoice fraud to scam businesses. Invoice fraud is frequently the result of one of the following scams:

• Spoofing is when someone disguises an email address, sender name, phone number, or website URL—often just by changing one letter, symbol, or number—to convince you that you are interacting with a trusted source.²   Often the legitimate vendor’s email account is spoofed to appear legitimate but with a slight variation that directs to the scammer’s email.

• Business Email Compromise (BEC), or email account compromise, is another way that criminals divert funds through invoice fraud. By hacking the vendor’s system and gaining access to their accounts, they can change not only the banking information on the invoice but also the phone number and email so that if an employee calls or emails to verify the information on the invoice, the criminals remain one step ahead confirming the fraudulent information.

• A fraudster can gain access to your email through phishing, a scenario where you might receive an email that appears to be from a legitimate business and is asking you to update or verify your personal information by replying to the email or visiting a website. The web address might look like one you’ve used before. Once they’ve gained access to your email they monitor your inbox, waiting for an opportunity to intercept an email and change payment details, channeling payments to their bank account.³

• You may receive a copycat or third-party invoice from a company posing as a known vendor requesting payment. This invoice may look normal, but the address, logo, or bank account information has changed from previous invoices, and may include a note of urgency to spur you to act before you’ve had a chance to notice the difference.³

How can my company prevent invoice fraud?

The bad news is criminals will always seek ways to defraud companies and individuals. The good news is you and your employees can protect your company from this type of fraud.

1. Take the time to review invoices carefully. Look at previous invoices – do the address and bank account details match historical records?
2. If you notice changes to contact or payment information, confirm these changes via known channels. Verbally authenticate any payment changes via telephone. Call a known phone number – from your records or even the cell phone of an account owner – don’t trust the phone number listed on a suspicious email or invoice requesting payment changes. If you must use email, do not use the “reply” option when authenticating emails for payment requests. Instead, use the “forward” option and type in the correct email address or select from a known address book.

Taking a few extra steps to confirm the legitimacy and accuracy of invoices can save your business time, headaches, and potentially hundreds of thousands of dollars that could be lost due to fraud. If you receive a suspicious invoice, call Client Services for assistance.

1. https://www.prnewswire.com/news-releases/medius-us-businesses-lose-on-average-300-000-per-year-due-to-invoice-fraud-301641518.html
2. https://www.fbi.gov/how-we-can-help-you/safety-resources/scams-and-safety/common-scams-and-crimes/spoofing-and-phishing
3. https://ohiocpa.com/for-the-public/news/2023/08/07/how-to-spot-a-fake-invoice-and-spare-your-organization 

Member FDIC