Not only has COVID-19 impacted the health and economy of the world, but it has also forced criminals to resort to the only possible method of carrying out their malpractices during the lockdown, through cybercrime.
Lately, businesses are popular targets for invoice frauds. Cybercriminals hack into financial accounts of organizations and send fake invoices to their unsuspecting clients and / or unwarranted notices of change of bank account information. Businesses that process payments for such fake invoices or to the new account without due diligence find themselves out of pocket for tens of thousands of dollars.
By the time you realize that you have paid out to a scam instead of a genuine invoice, it is already too late and there is very little you can do about it. So how can you protect your business from falling prey to such malpractices.
We have enlisted 7 steps you can undertake today and incorporate in your accounting policies and procedures to protect your business from fake invoice fraud. Let’s get started:
1) Due diligence to ensure the invoice received is from a trusted source
Let’s start with the presumption that every invoice may be a fake or a scam. More often than not, an invoice looks genuine at first glance, but when you enter the details in the accounting system, you don’t get a perfect match for suppliers already in your database. This should raise a red flag.
So, if you receive a new invoice from a new vendor / service provider, consult with the right managers to verify whether they have procured any services from this specific supplier or not. You should verify the nature of product or service received, the dates and the payment amount and terms agreed. If the details fail to match, it needs further investigation to ensure it is not a scam.
Remember: The primary purpose of an invoice is to reflect the genuine service or products provided by a vendor during a specific period. It must contain verifiable details of the nature and dates of service / product delivery and relevant departments or managers details. You can never control who can send you invoices, but what you can do, is verify the details of the account before entering it into the system and before payment is processed.
2) Compare new invoices with old ones
Look up info of past invoices from the same vendor in your database and cross-examine the new invoice received to see if the details match. It should be a cause of concern if you find differences in any of the following:
1) The spelling of the vendor’s name
2) The address that is mentioned
3) The banking information that is mentioned
4) The method used to request the payment
Verify the changes personally with the vendor directly or with their Accounts Receivable person on a quick call and also for record request a written confirmation in email for record.
3) Analyze Current Suppliers
Cross-examine your list of current suppliers in detail. Check if any of the company’s names, addresses, bank details, and invoice amount stand out or are not familiar, and request contact info (telephone and email) of the supplier’s AR person ASAP.
4) Two-Step Verification of payments
Try to limit the number of employees who are authorized to process invoices and make payments on behalf of your business. Having two trustworthy and reliable employees having access to the company’s accounts and financials, each having a different type of access; one to initiate the transaction and the second to verify and approve it. Ensuring that the person who is issuing the payment should not be able to authorize it. Consider requiring both parties to sign off on the payment transfer, rather than just one. This makes your business more secure and reduces the risk of fraud and cash heist.
Regardless of how much you trust the person in charge of the finances, you must have personal oversight or consider outsourcing it to a professional and dependable service provider.
5) Inform the vendor once the payment is made
Once you process a payment, always make sure to send the supplier an email detailing:
1) Which invoice you’ve paid
2) How much you’ve paid
3) Date and time of the transaction
This is not just courteous to inform them to expect payment but also a good business practice and helps build strong vendor relationships. It also helps catch any fraudulent payments made accidently much quicker.
6) Limit the Info You Publish About Your Suppliers
Ask yourself, is it really necessary to showcase to the world who you’re doing business with? When you’re advertising your suppliers’ info on your website or other channels, you’re making it easier for invoice scammers to track them down and probe into their accounts. Consider limiting the amount of info that is viewable by the public and keep sensitive info private.
7) Manage Your Invoices Through A Professional Service
Whereas the methodologies mentioned above will significantly help you in combating invoice fraud, ultimately, if you want to stay ahead of these cybercriminals, you always have to watch out for new ways they keep inventing to rip off unsuspecting people.
Or better still, you can save yourself a lot of headache by ensuring that your business’ finances are being managed by people who are professional, qualified and reliable . If you send and receive your invoices through proper service providers such as Monily, not only will you be automatically securing all your invoices, but also be able to pre-approve the people you make payments to. Therefore, making sure that not a single dollar will be spent on your behalf if you haven’t approved and signed it off yourself.
What To Do If You’ve Accidentally Paid An Invoice Fraud
To err is human. Some realizations may come late, but you can still be thankful they came anyway. If you’ve accidentally made the payment to an invoice fraud, you can try to reverse or cancel the transaction by contacting your bank or credit card provider through which you transferred the funds ASAP. Tell them it was a fraudulent transfer and request them to reverse the payment. The sooner you will contact them, the more chances you have of recovering your stolen money. However unfortunately it doesn’t always work. Different bank and account types have different policies and the business development liaison from your financial institution may be able to give you more details.
If this somehow fails and you’re not able to get your money back, submit a report containing the details of the encounter to the FTC (Federal Trade Commission) and request their help.
How This Scam Convinced Even Google and Facebook
Scamming businesses through invoice fraud is just the tip of the iceberg of how deep the rabbit hole of cybercrime goes. In 2019, an online scammer admitted that he tried to steal over $100 million from Facebook and Google by merely emailing the tech giants and asking for it. Upon being caught, the perpetrator revealed that he sent fake invoices to Facebook and Google to wire him the money between 2013 and 2015.
This Facebook and Google fraud is a glaring example of how even the most trusted and technologically reinforced companies can be exploited through illegitimately generated invoices.
Incorporate our 7 tested and tried strategies in your AP policies and procedures to safeguard your hard-earned cash. Stay safe and if you need help reach out to us for professional consult and sound advice.