Invoice Payment Fraud

The ADF wishes to remind all customers to beware of invoice email scams as they can result in potentially large losses if not detected.

What is invoice fraud?

Invoice fraud can involve notifying your company that supplier payment details have changed and providing alternative details in order to defraud you.

The fraudster could be claiming to be from a genuine supplier, or even be posing as a member of your business. Funds are often quickly transferred so recovering money from fraudulent accounts can be extremely difficult.

How does invoice fraud happen?

Invoice fraudsters may be aware of the relationships between companies and their suppliers, and will know the details of when regular payments are due. The fraud may only be discovered when the legitimate supplier follows up on non-payments.

Fraudulent letters and emails sent to companies are often well-written, meaning the fraud is difficult to spot without strong operating processes and controls in place. Email addresses are also easy to spoof, or in the case of malware-infected PCs, criminals can access genuine email addresses.

The process of changing the bank details of someone you are paying should always be treated with extreme caution.

How you can help to prevent invoice fraud – a checklist

  • Always check the details of any new/amended payment instructions verbally by using details held on file, and do not solely rely on the new instruction. Fraudsters can imitate email addresses to make them appear to be from a genuine contact, including someone from your own organisation.
  • If you are suspicious about a request made by phone, call them back on a trusted number. Fraudsters will attempt to pressure you into making mistakes – take the pressure off by taking control of the situation.
  • Look carefully at every invoice and compare it to previous ones received that you know to be genuine – particularly the bank account details, wording used and the company logo. When making a payment, ensure your invoices quote the full legal or ‘trading as’ name.
  • Consider setting up single points of contact with the companies you pay regularly.
  • Apply the same principles to requests from within your own organisation.
  • Fraudsters will look for opportunities to exploit any vulnerabilities in your processes. Therefore it is crucial to ensure staff are regularly educated, particularly those that are responsible for making payments.
  • While working remotely, ensure you and your colleagues remain vigilant and adhere to relevant checks and processes.