What is invoice fraud and how can it impact on your business?

Invoice fraud can be one of the simplest and often most devastating forms of fraud. It most commonly happens when a criminal impersonates a supplier and tricks a company into making a payment for a genuine supplier invoice into a fraudulent third party bank account. Payments are often very sizeable and, because the criminals pose as regular suppliers, if those responsible for handling invoice payments are not extremely vigilant it can be very easy to be deceived.

Criminals responsible for invoice fraud are often very thorough and “professional”, as well as exploiting the fact that accounts departments are extremely busy (and knowing when their peak times are to further add pressure), they will spend a lot of time gathering information about the relationship between the supplier and customer. This might be done by checking websites or LinkedIn profiles and seeing who the businesses customers and supplliers are and impersonating these directly, this can then mean any approach from them won’t necessarily be unexpected and your guard is down.

They can intercept post, rummage through bins, and access other publically available information or even hack the supplier or customer email accounts. It doesn’t end there, they then can pose as a representative of the customer by creating a very similar email address and requesting copies of outstanding invoices and details of the real bank account to aid the fraud. Some have been known to gather information from a dishonest employee within an organisation or indeed impersonate a director/signatory of the business demanding an urgent payment is made.

Once they have gathered all they need, the formal request for bank account details to be changed could come by mail, phone or email or even text.

To further add to the devastation surrounding invoice fraud, it should be noted that the fact a payment was made in good faith albeit to a fraudulent account, does of course not settle a real debt and the customer still has a contractual liability to make a payment to the genuine supplier.

Financial Fraud Action UK recommends the following steps to help protect yourself against invoice fraud:

Ensure that all staff who process supplier invoices and who have the authority to change bank details are vigilant. They should always check for irregularities including changes to supplier names and addresses and changes to invoiced amounts.
Changes to supplier financial arrangements should always be verified with that supplier using their established on-file details- don’t just hit reply to the email address and assume you have verified to the correct person.
When a supplier invoice has been paid, it is good practice to inform that supplier of the payment details made, including the account the payment was made to.
Check company or organisation bank statements carefully. All suspicious debits should be reported to your bank immediately.
If you are suspicious about a request, ask if you can call back. Do so using their on-file contact details to establish if they are the genuine supplier of the goods or services.
Perpetrators of fraud often conduct extensive online research to identify suppliers to particular companies and organisations. Consider if it would benefit your company or organisation to remove this information from your website and other publicly available materials.