Supplier invoice fraud, also known as invoice fraud or invoice impersonation fraud, is a type of scam where fraudsters target businesses and organisations, by sending fake invoices or posing as legitimate suppliers to trick them into making payments for goods or services that were never provided, including office supplies, consumables i.e. printer toners, drums or even medical supplies.
This type of fraud can result in financial losses for businesses and can have a significant negative impact on their operations and reputation.
Here's how supplier invoice fraud typically works:
Impersonation: The fraudster gathers information about the targeted organisation, such as supplier names, invoicing patterns, and key contacts. They might also use tactics like email spoofing to make their communication appear legitimate.
Fake invoices: The fraudster then sends fake invoices to the targeted business, either by email, mail, or other means. These invoices might resemble actual invoices from real suppliers, including logos, addresses, and payment details.
Urgency and deception: The fraudster often creates a sense of urgency or importance, claiming that immediate payment is needed to avoid penalties, disruptions to services, or to take advantage of special offers.
Change of payment details: In some cases, the fraudster may request a change in payment details, such as providing a different bank account or payment method. This is often done to divert the payment to the fraudster's account.
Payment: If the targeted business falls for the scam and makes the payment based on the fraudulent invoice or altered payment details, the fraudster receives the funds and disappears.
Organisations can take several steps to protect themselves against supplier invoice fraud:
Verification of requests: Always verify any change in payment details or urgent payment requests through multiple channels. Contact the supplier or vendor using contact information you have on file, not the contact information provided in the suspicious communication.
Strong internal controls: Implement strong internal controls for invoice processing and payment. Require multiple levels of approval for significant payments.
Training and awareness: Educate your employees about the risks of invoice fraud and teach them how to recognise suspicious requests. Regular training can help create a vigilant workforce.
Two-Factor Authentication (2FA): Implement 2FA for payment authorisations or any changes to payment details. This adds an extra layer of security.
Document management: Maintain a centralised and well-organized system for storing and verifying invoices and supplier information. This can help you spot discrepancies more easily.
Cybersecurity measures: Utilise strong cybersecurity measures, including email filtering, anti-phishing tools, and regular software updates to protect against email spoofing and other cyber threats.
Supplier verification: Establish a reliable process for verifying new suppliers before making payments. Check their legitimacy through independent channels.
Regular reconciliation: Regularly reconcile payments with orders and services provided to identify any discrepancies.
Trust, but verify: Even if you have a long-standing relationship with a supplier, remain cautious and verify any changes in payment details or unusual requests.
Legal and financial review: You should always act under the advisement of your legal firm, accountants, or other financial professional to review contracts, agreements, and invoices, especially for high-value transactions.
Prevention and awareness are key to avoiding supplier invoice fraud. By implementing these measures and fostering a culture of vigilance within your organisation, you can significantly reduce the risk of falling victim to this type of scam. If you have any questions about this, please get in touch.
