Date: 10/06/2015 | DCS News, Business & Professional Services, Commercial Property, Construction, Corporate, Dispute Resolution, Energy & Natural Resources, Environmental, Healthcare, Planning, Residential Development
An upsurge in invoice fraud aimed at small and medium sized business, particularly through issuing of invoices and bank details via email, has been widely reported.
What is invoice fraud?
There are various forms of invoice fraud, however the most recent suggested instances are of particular importance for small and medium sized business. It is believed that fraudsters are now able to scan email traffic for suspected payment details (for example, bank sort codes and account numbers), hack into email accounts and replace the invoice details with their own bank details before sending them on to the intended recipient. Other than changing the details, there is of course nothing to stop fraudsters changing the amounts claimed either.
Public information, such as reports of deals for long terms supply contracts, is also being targeted, with cyber-criminals issuing correspondence purporting to be the supplier indicating a change of payment details for future invoices.
Clearly this has repercussions for both the supplier and the buyer, with the potential for both parties having to take time-consuming and expensive steps to reclaim the misappropriated funds. From a supplier perspective, the lack of funds can obviously have a serious impact on projected cash-flow, while the buyer is at risk of payment claims from the supplier until such fraud can be proven. Further, where invoices are being issued up-front, the supplier would not be under any obligation to provide the goods or services in question until payment is received.
How this can be avoided
Buyers are encouraged to check any bank details given via email against those that may have previously provided. Where the two entities have no previous contact with each other, any bank details delivered should be confirmed by phone.
What to look out for
Though it may be impossible to tell whether an invoice has been tampered with, asking the following questions could help buyers to identify fraud before payment is made:
- Did the email containing the details take longer than expected to come through?
- Is the email address the same as from previous correspondence (.co.uk instead of .com)?
- Check the sort code – does the address match the general area in which the supplier operates?
- Does the invoice look any different to previous invoices received from that company?
- Does the invoice demand payment within a shorter time frame than previously agreed or claim that payment is late, where such payment has not previously been requested?
From a supplier perspective, businesses should consider the information that is publicly available online, which may assist fraudsters in posing as the company.
Where to report fraud?
Instances of invoice fraud should be immediately reported to Action Fraud, the National Fraud & Cyber Crime Reporting Centre on 0300 123 2040.