Do you know what the false invoice scam is, what risks it entails, or how to avoid them? Fake invoice scams are a simple but effective way criminals obtain money from individuals and companies who have no training in cybersecurity.
The amount requested in false invoices can vary from small sums for office supplies to huge invoices for factory production supplies, technological equipment, and even machinery. It all depends on the size of the cybercriminal operation and of the victim, whether a person or an organization.
In this article, we explain the most relevant aspects of the false invoice scam so that you, those around you, and especially your company can avoid becoming victims of this frequent cyberattack.
What is the Fake Invoice Scam?
Settling an unverified invoice without carefully reviewing the invoice details and issuing company can be an expensive mistake.
This attack, which can be carried out online (through digital channels) or on paper (by letter or courier), is sometimes also known as CEO Fraud.
The most commonly encountered fake invoice scams are:
Invoice for products that were never delivered.
Invoice for services or products that were never purchased.
Real invoice, but with manipulated prices or more line items than the genuine one.
Duplicate actual invoice: already paid or pending payment.
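The four patterns listed above can each be caught by matching an incoming invoice against purchase-order and goods-receipt records before payment. The following is an added example, not part of the original article; the record layout, field names, and sample data are all constructed for illustration.

```python
from decimal import Decimal

# Constructed sample data: approved purchase orders keyed by PO number.
# Each line maps item -> (quantity ordered, agreed unit price).
PURCHASE_ORDERS = {
    "PO-1001": {"vendor": "Acme Office Supplies", "received": True,
                "lines": {"toner": (4, Decimal("60.00"))}},
    "PO-1002": {"vendor": "Acme Office Supplies", "received": False,
                "lines": {"paper": (10, Decimal("5.00"))}},
}

def check_invoice(inv, orders, seen):
    """Return the scam patterns an invoice matches (empty list = passes).
    `seen` holds (vendor, invoice number) pairs already paid or pending."""
    findings = []
    key = (inv["vendor"], inv["number"])
    if key in seen:
        findings.append("duplicate")
    seen.add(key)
    po = orders.get(inv.get("po"))
    if po is None or po["vendor"] != inv["vendor"]:
        findings.append("never_purchased")   # nothing was ordered from this sender
        return findings
    if not po["received"]:
        findings.append("never_delivered")   # ordered, but no goods receipt yet
    for item, (qty, price) in inv["lines"].items():
        ordered = po["lines"].get(item)
        if ordered is None:
            findings.append(f"extra_line:{item}")    # line item not on the order
        elif qty > ordered[0] or price > ordered[1]:
            findings.append(f"manipulated:{item}")   # inflated quantity or price
    return findings

def run_samples():
    """Check five constructed invoices, one per case, in arrival order."""
    acme, d = "Acme Office Supplies", Decimal
    invoices = [
        {"vendor": acme, "number": "INV-1", "po": "PO-1001", "lines": {"toner": (4, d("60.00"))}},
        {"vendor": acme, "number": "INV-1", "po": "PO-1001", "lines": {"toner": (4, d("60.00"))}},
        {"vendor": acme, "number": "INV-2", "po": "PO-1002", "lines": {"paper": (10, d("5.00"))}},
        {"vendor": acme, "number": "INV-9", "po": None, "lines": {"pens": (50, d("1.00"))}},
        {"vendor": acme, "number": "INV-5", "po": "PO-1001",
         "lines": {"toner": (4, d("75.00")), "stapler": (2, d("10.00"))}},
    ]
    seen = set()
    return [check_invoice(inv, PURCHASE_ORDERS, seen) for inv in invoices]
```

Any non-empty result should hold the payment until the purchasing department or the real supplier has confirmed the invoice.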
A fake invoice scam occurs when a third party sends a fraudulent invoice to an organization or company, although individual cases can also occur.
Paying a single fraudulent invoice can lead to your business being the victim of major fraud in the future. Most of the time, the attackers first send a minor invoice for an everyday product, like office supplies, to evaluate the business process and see whether the fake invoice gets settled.
If the fake test invoice is paid, the scammer will know that the business does not investigate the invoices received. So later, the criminals send additional invoices to the company to continue the scam.
According to a survey by Lloyds Bank, some 500,000 companies in the UK have been affected by CEO Fraud. Specifically, 52% of those surveyed had been the victims of the false invoice scam, with law firms, human resources companies, and IT businesses being the most at risk.
The survey has also revealed that only 20% of companies reviewed their invoices and that 37% have neither cybersecurity training nor a process to prevent this type of fraud. Small and medium-sized businesses are generally at higher risk of falling victim to the false invoice scam.
Still, no one escapes this attack: Facebook and Google are two examples of fake invoice scam victims. A Lithuanian man stole more than $100 million from both tech giants over two years.
Both companies dutifully paid their bills without pausing to investigate who they paid, what product they paid for, and where the money was going. The cybercriminal managed to forge letters, emails, corporate stamps, orders, and contracts. To get the money laundered, he used bank accounts in the United States.
How the Fake Invoice Scam Operates
- Phases Of The Fake Invoice Scam
Typically, the fake invoice scam is divided into three phases or steps:
Cybercriminals investigate contracts and vendor names that provide goods to a particular company.
They then impersonate a legitimate supplier and invoice subordinate personnel.
Lastly, they try to gain credibility by sending fake letters, emails, or messages claiming to be from the designated bank of the real provider.
If you want to prevent cybercriminals from obtaining information about you or your organization, it is advisable to practice egosurfing and see what sensitive information about you is out there.
- The Target Fake Invoice Victim
The fake invoice scam takes advantage of the fact that an individual who handles administrative tasks for a company may not know if the invoiced product or service has been purchased.
Short of time or under a sense of urgency, recipients quickly make decisions about payments due, or delegate that duty to an employee or collaborator who does not have the means, contacts, or knowledge to verify the invoice with the contracting department or the actual supplier.
- Products Or Services Included In False Invoices
The products mentioned in the false invoice, such as office supplies, are so common in many people's budgets that the recipient proceeds with the payment automatically. Criminals know this, and they avoid listing more specialized or specific products or services, since those are easier to verify internally.
Scammers also conduct a thorough investigation to make sure they send the fake invoice to the right company and person: someone who has the authority to pay but is unlikely to verify purchases.
- Credibility Of The Sender Of False Invoices
Finally, depending on the "professionalism" of the cybercriminal, the sender of the fake invoice can even create a fabricated website listing the names of respected companies, as if those companies were clients of the company that sent the invoice.
The real website of the genuine provider can also be used, so that when the victim checks it, the website appears entirely legitimate. In a more targeted attack, the criminals can even create a web page identical or similar to that of the real provider, to prevent the victim from contacting the provider directly. To increase the effectiveness of their attack, cybercriminals can combine the false invoice scam with phishing.
Cybera is a company focused on detecting, preventing, and recovering funds and data for companies and individuals who are victims of financially motivated crimes.