Invoice Fraud

What is Invoice Fraud?

Invoice fraud is a type of scam in which you, a client or a supplier receives an invoice from a fraudster and pays it, believing it is a legitimate invoice from a company you do business with.

How does it work?

There are many different attack types; however, 91% of all attacks involve email. Someone, somewhere, either in your business, a client’s business or a supplier’s business, gets compromised. It could be that they click on a link and give away their login details, or that a website they have accessed gets breached and their login details are stolen. It could even be that, while surfing the internet on public Wi-Fi, they unintentionally gave their credentials to a cybercriminal. However it happened, a cybercriminal is now tracking email communications between clients, suppliers and their partners to work out who owes money to whom and who they can attack.

Once they know who is due to pay an invoice or when the billing cycle is due, they will often create fake email addresses that look very similar to the real email address and take over a conversation with a supplier or client, shutting down the legitimate communication to the ‘real’ email address. They will then send a timely invoice with the bank details changed so that the payment goes to the cybercriminal’s bank account, all the while blocking email communications with the originating email address and so keeping you in the dark.

If it’s a new supplier, there is no need for the fraudster to request a change of bank details. If it’s an existing provider, however, they will be asking you to change the bank details, so beware of any conversation that starts with ‘we have changed our bank details’. Use another method of communication to verify the bank details before any payments are set up or made, especially with new business relationships.
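The two warning signs described above, a sender address that is a near-miss of a real supplier's address and a message announcing changed bank details, can be checked automatically before an invoice reaches the payment run. The sketch below is an added example, not part of the original article; the supplier domains, the character substitutions, the wording pattern and every function name are assumptions made for illustration.

```python
import re
from email.utils import parseaddr

# Constructed sample data: domains of suppliers you already trade with.
KNOWN_SUPPLIER_DOMAINS = {"acme-supplies.co.uk", "northwind-parts.com"}

# Characters commonly swapped so a domain looks the same at a glance (assumed list).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})
BANK_CHANGE = re.compile(
    r"(changed|new|updated?)\b.{0,40}\b(bank|account|payment) details", re.I | re.S)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def skeleton(domain: str) -> str:
    """Fold look-alike characters so 'acrne' and 'acme' compare equal."""
    return domain.lower().translate(CONFUSABLES).replace("rn", "m").replace("vv", "w")


def lookalike_of(sender: str):
    """Return the known domain this sender imitates, or None (exact match or unrelated)."""
    domain = parseaddr(sender)[1].rpartition("@")[2].lower()
    if not domain or domain in KNOWN_SUPPLIER_DOMAINS:
        return None
    for known in KNOWN_SUPPLIER_DOMAINS:
        if skeleton(domain) == skeleton(known) or edit_distance(domain, known) <= 2:
            return known
    return None


def triage(sender: str, body: str) -> str:
    """Classify an invoice email as 'hold', 'verify' or 'normal'."""
    if lookalike_of(sender):
        return "hold"      # near-miss of a real supplier domain
    if BANK_CHANGE.search(body):
        return "verify"    # confirm by another channel before paying
    return "normal"
```

A 'verify' result still applies to mail from the genuine domain, because the real mailbox may be the one that was compromised.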

Containment

Now that you’re aware that someone’s email has been compromised, what do you do next to contain the situation?

Firstly, change the password to the account. Hopefully, the account you are using is not an admin account, because with admin credentials the attacker can change the password and lock you out of your own account!

Secondly, run a virus scan to make sure that no malicious software has been loaded onto your machine.

Thirdly, call your bank to stop any payments leaving your bank account.

Fourthly, check for any rules that may have been set up to forward emails to another email address and remove them.

Speak to an IT company about checking the audit logs and rules within your Microsoft or Google email service that may still be providing access or forwarding information to your attacker.

Finally, notify staff, customers and suppliers (and the ICO, if personal data is involved) that there has been an attack, and ask them to be extra vigilant about any requests for payment or information and to report back to you should they be contacted in this manner. Under no circumstances should they pay an invoice from you until the invoice has been verified.

Prevention

If you haven’t already, consider additional email security to filter your emails and a scan of the dark web to see if any of your passwords have been part of a recent breach, and seriously consider buying a password management solution to help manage passwords securely.

Once you have been attacked, cybercriminals will view you as a weak target and will come back repeatedly in the hope and expectation of another payday, so it’s critically important to put additional security in place if you have previously been compromised.

We recommend working with a specialist cyber security company that can put the right solution in place to protect your business from cybercrime. Make sure they are genuinely cyber security specialists, rather than IT generalists. You wouldn’t get a plumber to fix your roof after a storm. It’s even more important to make sure you get the right specialist skills when dealing with a breach, as it’s your livelihood and future prosperity that is on the line.
