No matter what size your business is, you can still fall prey to the malicious attacks.
Cyber criminals are sophisticated now more than ever and are constantly refining their strategies. Scammers look for weak points in your business to exploit. So, businesses need to step up and refine their cyber security and in particular look at their procedures regarding their invoice transaction process.
AI can be used to leverage very complex attacks, some where we’ve seen deepfake attacks to convince CFO of a Hong Kong business into £20m payment. Currently in one of the most expensive cyber frauds criminals used multiple fake videos and artificial intelligence-generated voices to trick a finance worker into fraudulently payments totalling £20m.
What is invoice fraud ?
Invoice fraud is when criminals pose as regular suppliers or a legitimate business and amend bank details where the third party would pay. These scams involve criminals intercepting with your emails posing to be the legitimate business/supplier, where you are tricked into sending money to the accounts controlled by criminals.
5 tips to protect your company from invoice fraud:
1. Follow up invoice payments
Once you have processed or received a payment, get in contact with the supplier to confirm the payment with the amount and payment details used.
2. Check new suppliers/customers
Always make sure to check that new companies/suppliers are registered with companies house. Or you can use services such as Duedil.com
3. Regular Audits on accounts
This is to make sure that if there are any fraudsters changing account details you can recognise this as soon as possible. It will help minimise the amount of money that could be lost over time.
4. Change of Bank Details
If suppliers request bank details, make sure to follow up verbally with the known contact details on file. As they could be fraudsters impersonating company.
Never follow up via email.
5. Staff awareness
It’s important to make staff aware of this type of fraud, especially those who are in charge of invoices and making payments. Keeping staff educated on common fraudsters circulating helps avoid falling victim to an attack. Phishing simulations can play a big role in helping and train staff to see fake emails and communications and to combat invoice fraud.
What to do if you suspect an attack?
Report it to the police immediately / Action Fraud if you’re in the UK. The quicker the incident is reported, the easier it is to recover any lost funds.
If you have not suffered any financial losses but suspect a fraudulent invoice, you should still report it to Action Fraud. This helps them identify any trends with fraudsters as well as preventing them targeting other companies.