Cyber-attacks rarely seem to be out of the news at the moment. However one particular type of cyber-crime that seems to have avoided the attention of the media is invoice fraud. This is unfortunate as according to The Financial Fraud Action UK this scam is on the increase with hundreds falling victim in the last year.
So what do the fraudsters do?
- Firstly they do their homework, by researching your existing suppliers through publicly available information.
- They may hack into an e-mail account from a legitimate supplier and intercept messages and find legitimate invoices; they alter the invoices and request payment to be made to an alternate bank account than the standard one previously used.
- Or they may make contact via phone or letter altering payment details and re-directing genuine supplier payments.
With sophisticated communication these scams can easily go unnoticed, especially as companies routinely ask to change or update payment details.
So what can you do?
The Financial Fraud Action UK gives the following advice on invoice fraud prevention:
- Be on the lookout for unexpected invoices or unusual payment requests, especially those arriving in different formats to normal.
- Avoid enabling any macros on an untrusted document. (Macros in themselves are not dangerous and do serve a legitimate purpose – but they can be used to hide malware).
- If you’re suspicious – call your supplier on the number that you have on file to check the authenticity of the invoice/change request.
- Ensure you have the latest anti-virus and security updates installed on your computer and consider using high-level macro security settings in software applications.
- Ensure strong firewalls are in place to help detect malware and prevent data leaving the network without permission. This can be achieved through investing in IT and seeking professional advice.
- Consider using a separate computer dedicated to making online payments to minimise security risks.
The best way to prevent this type of fraud is to be on constant alert and question any unusual requests and encourage your staff to do the same. Payment details should never be altered on the basis of a single call, email or letter. Suppliers will always be happy to confirm whether an invoice is real, after all they want to be paid!
If you would like to discuss these tips, why not contact HETAS Insurance Services on 01905 886462 to see how they can help you.
HETAS Limited is an Introducer Appointed Representative of Jelf insurance Brokers.
HETAS Insurance Services, Jelf, Jelf Lampier, Jelf Manson & Jelf Clarke Roxburgh are all trading names of Jelf Insurance Brokers Ltd (Reg No. 0837227). Jelf Insurance
Brokers Ltd is part of Jelf Group plc and is authorised and regulated by the Financial Conduct Authority (FCA). Registered address: Hillside Court, Bowling Hill, Chipping Sodbury, Bristol BS37 6JX (Registered in England and Wales). Not all products and services offered are regulated by the FCA. JIB127.07.15