What is invoice fraud?
The act itself sees a third party contact a business requesting payment for a service – generally something mundane and unlikely to raise suspicion, such as office equipment or a domain listing – that they have not actually supplied.
To give themselves legitimacy, the scammer tends to pretend to be a legitimate company their target regularly pays.
And while it may sound easy enough to pick out, it’s costing Aussie businesses more and more each year – in fact, it is now the third-most costly scam in the country.
According to the Australian Competition and Consumer Commission’s (ACCC) Scamwatch website, there were 10,996 reports of false billing in 2018, which cost Aussie businesses more than $5.5 million. This was a significant increase in just five years, with 3,600 reports in 2013 leading to losses of $725,000.
This rise is largely down to the growth of email as a means of business communication: email was the delivery method for the scam on 57.4 per cent of occasions in 2018.
What to watch out for
Here are a few tips to help you avoid being scammed:
Firstly, double-check the sender’s email address. Changing the name associated with an email address (e.g. a person like ‘John Smith’ or a company like ‘Suppliers Direct’) is easy when setting it up – making it simple for emails to look like they’ve been sent from a reputable source, and usually one you already know.
But if it’s a scam email, the host (i.e. what appears after the @ symbol in the email address) will likely be different. So your message from ‘John Smith’ might be attached to an address like ‘email@example.com’ rather than ‘firstname.lastname@example.org’.
Secondly, pay attention to where the email has been sent from. Is it from a Gmail or Hotmail account, or from a person or a company you’re unfamiliar with? Is the individual or company name slightly different, e.g. ‘payments@suppliersdirect’ instead of the usual ‘accounts@suppliersdirect’, or ‘johns@suppliersdirect’ instead of the usual ‘johnsmith@suppliersdirect’? These are all potential red flags.
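The sender checks described above (display name versus host, freemail accounts, a slightly different mailbox name) can be automated as a first-pass filter on incoming invoices. The following is an added example, not part of the original article; the vendor directory, the `.example` domains and the sample headers are constructed for illustration.

```python
from email.utils import parseaddr

# Constructed vendor directory (assumption): display name -> addresses you normally pay.
KNOWN_SENDERS = {
    "suppliers direct": {"accounts@suppliersdirect.example"},
    "john smith": {"johnsmith@suppliersdirect.example"},
}
ALL_KNOWN = set().union(*KNOWN_SENDERS.values())
FREEMAIL = {"gmail.com", "hotmail.com"}


def check_sender(from_header):
    """Return the red flags raised by one From: header value."""
    name, addr = parseaddr(from_header)
    addr = addr.lower()
    local, _, host = addr.rpartition("@")
    if not local or not host:
        return ["unparseable address"]
    # A familiar display name must use that sender's own address;
    # an unfamiliar name is compared against every address on file.
    expected = KNOWN_SENDERS.get(name.strip().lower())
    allowed = expected if expected is not None else ALL_KNOWN
    allowed_hosts = {a.rpartition("@")[2] for a in allowed}
    flags = []
    if addr not in allowed:
        if host in allowed_hosts:
            flags.append("unusual mailbox at known host")
        elif expected is not None:
            flags.append("display name does not match host")
        else:
            flags.append("unfamiliar sender")
    if host in FREEMAIL:
        flags.append("freemail account")
    return flags


# Constructed sample headers, not real messages.
SAMPLES = [
    '"Suppliers Direct" <accounts@suppliersdirect.example>',
    '"Suppliers Direct" <payments@suppliersdirect.example>',
    '"John Smith" <johns@suppliersdirect.example>',
    '"John Smith" <johnsmith@gmail.com>',
    '"Office Domains Ltd" <billing@domain-listing.example>',
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_sender(header) or "no flags")
```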
Be wary of a false invoice being used to get ransomware into your computer systems. In these cases, the sender isn’t necessarily looking to trick you into paying them, but simply into opening their attachment, thus giving their ransomware the chance to infect your business. Do not open any suspicious emails or attachments from unknown senders.
Don’t let a scam cost you
Also contact your financial service provider, as they may be able to stop or reverse the transaction before funds leave your account.
However, as noted by the Australian Securities and Investments Commission, there is no guarantee that victims will get their money back as it is very difficult to track down the perpetrators.
Instead, you – and anyone in your business who pays invoices – need to be vigilant.