How small businesses can identify and prevent invoice fraud
Google and Facebook have been conned out of $123 million by a scam typology that costs small businesses billions of dollars every year. These attacks were committed via one of the most common business-facing scams: invoice fraud. Invoice fraud occurs when a fraudster sends an invoice for goods or services, posing as a regular supplier of the receiving business. Their hope is that the payment request will get lost in piles of bills, and business owners or finance departments will pay the invoice without thinking twice about it.
Bad actors are clever and constantly refining their strategies. They have become so skilled at this scam that often the only difference between their invoice and that of the legitimate supplier is the email it’s sent from and the accompanying bank account details. And while Google and Facebook were able to recover their lost funds, this isn’t the case for most companies who fall victim to this type of crime. Keep on reading to find out what signs to be on the lookout for and how to ultimately prevent your business from falling victim to invoice fraud.
What to look out for before paying an invoice
Below is a list of 10 red flags that can indicate you’ve been targeted for invoice fraud:
- The email with the invoice attached has grammar or spelling errors.
- The email address is not identical to the one your supplier typically uses. With invoice fraud, the email address is usually a single character off from the legitimate supplier email or uses a modified email domain. An example might be [email protected] now coming in as [email protected]. If something feels off, search your inbox or the internet for your supplier’s email address.
- Your “supplier” abruptly requests to only be paid by ACH bank transfer, and not by check, or suddenly changes their banking details.
- The invoice is for something you didn’t purchase.
- The document itself looks ‘off’. Maybe the logo isn’t as crisp as usual or the layout doesn’t look the same. Fraudsters can’t get their hands on official company letterheads or high resolution logos, so they often scan and then print logos onto their own invoices. This tends to result in a slightly fuzzy or odd looking document.
- The invoice is for an even amount of money. Remind your staff that something “too neat” should sound alarm bells.
- The volume of invoices is abnormally high. Although it could be indicative of an actual increase in business, it may actually be a tip off of something fishy going on.
- The invoice arrives at a different time of the month than you typically receive it. Most services bill at the same time every month, so an inconsistency should be cause for concern.
- The invoice doesn’t have the purchase order attached. Legitimate invoices almost always contain the corresponding purchase order.
- The email pressures you to pay immediately.
Practical steps you can take to mitigate risk
The measures you take to prevent your business from falling victim to invoice fraud need to be practical. It won’t help your business if you can’t figure out how to actually mitigate the risks you’re facing. Let’s break down some of the most powerful ways to prevent invoice fraud from happening in your own backyard:
Educate your staff
The best defense is awareness that these attacks are happening. Educating your staff, company-wide, is a great place to start. You can use this as an opportunity to teach them about the nature of invoice fraud, how to identify attempts, and implement precautionary measures to ensure your business never falls victim to it.
ACFE Insights compiled a fantastic guide that walks you through the components of an effective fraud awareness and prevention training. We bet you’ll like it as much as we did.
Verify invoices
Invoices should always be compared against previous ones. It’s important to always cross check email addresses, bank account details, wording, and logos. Even if something small seems off, it’s a good idea to contact your supplier and have a verbal conversation via a known contact person or phone number. You can never play it too safe when it comes to verifying invoices.
Don’t publicly expose your suppliers
Fraudsters routinely research company suppliers so that they can convincingly impersonate them. That’s why we recommend that you remove any public references to your relationship with them wherever possible (i.e. via testimonials or client lists).
Audit, audit, audit
Conduct regular audits of your accounts. If you keep close tabs on your business’s finances, you can help identify potential losses before it’s too late. In fact, regular audits by management is the second most common way businesses catch fraud, behind whistleblowers.
Use three-way matching
Be sure your business uses three-way matching. This is an accounts payable process that verifies that the details on a purchase order, the supplier’s invoice, and the delivery receipt match before an invoice is paid. This is arguably your best tool to fight invoice fraud.
Moving forward
Invoice fraud continues to be a thorn in the side of small businesses all over the world. Melio uses our vast small business network to validate and connect small businesses and suppliers.
We work with our partner banks to create open and secure communication to react to phishing incidents faster, and to recover badly routed funds whenever possible. It’s time to make invoice fraud a thing of the past.