27 Aug Invoice Fraud on the Rise
Let’s face it, fraud is everywhere. You have probably received an email from the Nigerian prince asking you to fund his mission to tackle global warming. Or, maybe you have been greeted by a call from “the police” or the “Australian Taxation Office”, demanding payments or your personal details. While most people rightly question the authenticity of these scams, the problem is
fraud still works
Many individuals ignore these calls and messages; however, they are not the only ones being targeted. While one person may question a random invoice that has appeared in their inbox, a company of 20 may not second-guess 1 invoice in a pile of 30. With the rise of the internet and the increasing abundance of quality resources, scammers are getting harder to catch and much more convincing.
Scam invoicing continues to be one of the lead causes of fraudulent losses, results in hundreds and thousands of dollars being stolen from businesses in Australia every day. According to the Gambling Motivated Fraud study in Australia 2011-16, fraudulent invoicing is Australia’s third most prevalent fraud, averaging $492,000 in losses daily.
Fraudulent invoicing are turning common-place, as was demonstrated when a huge flood of fake e-bill notifications purporting to come from Energy Australia hit Australian inboxes. These emails, which replicated Energy Australia’s brand display and email layout, urged recipients to click and view their latest bill. Often, recipients who fall for these traps are taken to a malicious file download or a bank page, putting their computer security at risk. Therefore, it is crucial to be wary of these emails as it can lead to data leakage or unwanted payments.
Fraudulent invoicing can come under 3 forms; as false, duplicate or inflated invoices.
False Invoices are those similar to ones in the Energy Australia’s case. Scammers may pose as a supplier and demand payments via email for goods or services that have not been ordered. This is also known as a Business Email Compromise (BEC) attack, to which the Australian Cybercrime Online Reporting Network (ACORN) had attributed losses of A$20 million in the economy during 2016-17. This is a startling 230% increase from the 2015-16 period, confirming that false invoicing is a major and increasing vulnerability to businesses.
There are several reasonings as to why businesses are falling for these deceitful schemes. Firstly, employees who are authorising these payments often have little to no knowledge about the specifics of genuine purchase orders, or what has been delivered. Thus, when an authentic-looking invoice comes in, employees will process the payment, thinking that it is simply just another bill to pay. Ever heard of the saying ‘it’s never too late?’ Well even when fraud is ever discovered, it is often the case with direct payments, as with invoices, that funds cannot be retrieved.
Secondly, fraudulent invoices can be meticulously designed to look legitimate. Invoices may be sent from an email address similar to an existing supplier. They may also incorporate the same brand names, displays, and email formats. Clever deceptions like these have cost businesses significant amounts of money. Between 2010-2012, 281 organisations from a KPMG survey reported 194,454 incidents of fraud which totalled a loss of A$372.7 million in total, or A$3.08m per organisation.
Duplicate and Inflated Invoices
Multiple and inflated invoices are other common methods used to defraud businesses. Instances of these invoices originate from existing suppliers or their employees, however in many cases, the result of these invoices may be unintentional.
Invoices may be sent multiple times in the same period, for similar or the same items. They may have the same or different invoice number, date and purchase order number.
Some may even inflate the amount that needs to be paid, stating a number higher than the agreed price or may have errors leading to miscalculations.
Other Types of Fraud Activities
Asking you to confirm your details
This method is most prevalent via phone calls. You may receive a phone call from your “supplier” or “bank” asking you to confirm your bank details so that payments can be processed. They may ask you to state your exact details, or may ask relay false information, in order to prompt you for ‘corrections’. This approach can easily be the most damaging to an individual’s accounts, however this still can occur with companies.
Using information that may have been obtained internally or through breaches, a scammer may pose as one of your regular suppliers. They may inform you of a change in their bank details, attempting to redirect genuine payments. Again, to further legitimise their scheme, stolen letterhead and branding may be used.
Why is fraud viable? The reason is often lack of internal control within firms. If employees who are authorising these payments are unfamiliar with the business’ trading operations, these scams are bound to happen, sooner or later. PwC particularly emphasises that ignored or unenforced restrictions on sales and inventory are main invitations for fraud.
Understanding that these types of frauds exist is vital for small businesses where financial control is not formalised, however they also affect large organisations. Although there will never be a fool-proof formula to completely stop fraud from occurring, there are certainly preventative measures. LucaPlus is a reliable e-invoicing software that eliminates the risk of fraudulent invoices through Blockchain technology. Moreover, its secure verification method and use of approval systems filter invoices ensure that your bills are legitimate. You can set up a LucaPlus account for free at https://www.theblockledger.net/luca/.