Invoice fraud is a growing concern for small business owners. According to a 2024 study by the Association of Certified Fraud Examiners (ACFE), businesses lose about 5% of their revenue to fraud each year. For very small businesses, this can be particularly devastating.
In 2023, the FBI reported that Business Email Compromise (BEC) scams, which often involve invoice fraud, was the second-costliest type of crime after investment fraud ($4.57 billion in 2023). They received 21,489 complaints amounting to $2.9 billion in reported losses.
From hackers entering your computers and changing the numbers on your legitimate partner accounts with their own, to impersonating your company in relation to your bank, cybercriminals are constantly finding new ways to swindle businesses out of their hard-earned revenues.
You can start protecting your small business by knowing what sort of scams are most commonly adopted by invoice fraudsters, how to spot and stop them before it's too late.
Did you know?
Invoice fraud happens when a scammer tricks a business into paying a fake invoice. This can take several forms, but the result is the same: the company pays for goods or services it never received. Scammers might pretend to be legitimate suppliers, create fake invoices, or hack into email accounts to send fake payment instructions.
Invoice scams can affect both the business sending an invoice and the client paying it. In either case, scammers manipulate the system to ensure they get paid.
Related: Why Small Business Owners Should Care About Cybersecurity
Fake Invoice Scam: Scammers send fake invoices that look real. If a company is swamped with invoices, the person handling payments might not check each one thoroughly. If there's poor communication between the work done and the invoicing process, there might be no way to verify if the invoicer actually performed the work. The business pays the invoice without realizing it's fake.
Supplier Impersonation Scam: Scammers pretend to be a known supplier and send an invoice for payment. They might even hack into the supplier's email account to make the request seem genuine.
Business Email Compromise (BEC): Hackers gain access to a business email account and use it to send fake payment instructions. They may instruct clients to redirect their payments to a different bank account belonging to the scammer.
Overpayment Scam. A scammer sends a check for more than the amount owed and then asks for the difference to be refunded. The original check later bounces, leaving the business out of pocket. Sometimes, the scammer sends an invoice for a real service but tweaks it so the client ends up paying more. This might involve charging for services not provided or slightly inflating the costs.
The Duplicate Invoice scam. The scammer has done some work for the client but tries to get paid twice for the same job. For example, they might "accidentally" send the same invoice twice, hoping the client will pay both times.
Rewriting Invoices Scams. If scammers gain access to the invoice, they can alter the details to benefit themselves. They might do this by changing the invoice on the business's computer or by tweaking it when it arrives in the client's inbox. Typically, this involves changing the payment details so the money goes into the scammer's bank account instead of the business's. If done well, neither the business nor the client will notice the changes.
As you can see, invoice scams can affect both the person sending the invoice and the person paying it. As such, your defense methods depend on which end of the transaction you're on.
1. Verify Invoices: Always verify the details of an invoice before making a payment. Check the supplier's contact information and ensure the goods or services were actually received.
2. Train Your Staff: Educate your employees about invoice fraud and how to spot suspicious invoices. Make sure they know to verify payment requests, especially if they involve changes to payment details.
3. Use Purchase Orders: Implement a purchase order system. This ensures that every payment request is matched with a purchase order, making it harder for fraudulent invoices to slip through.
4. Secure Your Email: Use strong passwords and two-factor authentication for your business email accounts to prevent hackers from gaining access.
5. Regular Audits: Conduct regular audits of your accounts payable to detect any unusual activity or discrepancies.
1. Confirm Payment Instructions: If you receive new payment instructions from a supplier, always confirm them directly with the supplier using a known phone number or email address.
2. Review Invoices Carefully: Look for any discrepancies in the invoice, such as unfamiliar terms, incorrect contact information, or changes in payment details.
3. Establish Communication Protocols: Set up clear communication protocols with your suppliers to confirm any changes in payment instructions or invoicing details.
4. Report Suspicious Activity: If you suspect an invoice might be fraudulent, immediately report it to your supplier and any relevant authorities.
Invoice fraud can strike when you least expect it. Bitdefender Ultimate Small Business Security can help you stay safe. This all-in-one security solution includes advanced anti-fraud features, protecting your business from phishing attacks, malware, scams, and unauthorized access to your email and financial systems.
With Bitdefender, you can secure your entire network and ensure that the sensitive data of your business and your customers remains protected.
Choose your plan here.
If you suspect someone is trying to scam you, useScamio, our AI-powered scam detection tool, to to verify your suspicions.
Send any texts, messages, links, QR codes, or images to Scamio, which will analyze them to determine if they are part of a scam. Scamio is free and available on Facebook Messenger, WhatsApp, and your web browser. You can also help others stay safe by sharing Scamio with them in France, Germany, Spain, Italy, Romania, Australia, and the UK.
What should I do if I receive a suspicious invoice?
If you receive a suspicious invoice, do not make any payments until you have verified its authenticity. Contact the supplier directly using a known phone number or email address to confirm the invoice details.
How can I tell if an invoice is fake?
Look for signs such as unfamiliar terms, incorrect contact information, changes in payment details, or an unusual sense of urgency. Always verify the invoice with the supplier before making a payment.
How can I prevent invoice fraud in my business? Implement strong verification processes, train your staff, use purchase orders, secure your email accounts, and conduct regular audits. Additionally, consider using scam detection tools like Scamio and an all in one protection plan like Bitdefender Ultimate Small Business Security.
What are some ways scammers send fake invoices?
Scamwatch reports that the most common form of delivery is email, but phone, text message, internet, mail, social networking, and other forms are also options. After gaining access to your email, the scammer can impersonate an employee, collect sensitive information, or steal your identity.
What are some best practices to minimize the risk of invoice fraud?
If you're worried about how your business can reduce risk, check any suspicious invoice information, follow up on any alterations in billing information, and limit the number of people who can make payments.
tags
Cristina is a freelance writer and a mother of two living in Denmark. Her 15 years experience in communication includes developing content for tv, online, mobile apps, and a chatbot.
View all postsDecember 19, 2024
November 14, 2024