14th January 2020
Invoice Fraud and Business eMail Compromise – a major threat for 2020
By Dr Debbie Garside, Group Chief Innovation Scientist/CEO GeoLang, The Shearwater Group plc
“54% of businesses are worried about invoice fraud”
Business Fraud is costing organisations up to 10% of their expenditure.
According to the Annual Fraud Audit 2019, [http://www.crowe.ie/wp-content/uploads/2019/08/The-Financial-Cost-of-Fraud-2019.pdf] average losses per company range between 3% and 6% with some as high as 10% of expenditure being attributed to fraud of some kind – overall an average rise from 4% to 7% in 2018.
Encompassing Phishing, Business eMail Compromise and Occupational Fraud, business fraud, as a whole, is on the rise – reportedly costing UK companies in excess of £130bn or 6.1% of UK PLC’s GDP.
There are many factors to consider in business fraud and we take a look at some of the most common risks, including Phishing, Business eMail Compromise and Occupational Fraud and what can be done to reduce the risk insofar as is possible.
Invoice fraud occurs when fake invoices are sent to targeted businesses in an attempt to extract money from companies with vulnerabilities in their accounts payable processes. External fraudsters target companies based on their size and location to narrow down what suppliers they may use regularly, such as office supplies, and cleaning services, etc.
Phony invoices on behalf of these suppliers that look legitimate, except for small discrepancies such as different addresses, are then created.
Armed with the knowledge that most Accounts Payable departments are always playing catch-up, phishing invoices are often sent with a sense of urgency such as ‘This Invoice is 90 days past due’.
To top it off, invoice fraudsters are refining their craft by making the amount of the invoice low enough that it won’t trigger suspicion. For example, if £1000 or £5,000 is within the first approval level, it may be approved quite easily – thereby bypassing your accounting controls such as three-way matching.
Without a thorough investigation, these fake invoices can easily be paid. Large businesses with multiple departments and poor communication can easily be susceptible to substantial amounts of invoice fraud. Whereas smaller companies have less stringent accounts payable processes.
Invoice fraud can also occur when a company or organisation is tricked into changing bank account payee details for sizeable payments or even smaller regular payments – criminals posing as regular suppliers to the company or organisation make a formal request for bank account details to be changed.
Although a global problem, SMEs in the UK alone are reportedly losing more than £9bn, representing 4% of UK GDP, as a result of invoice fraud every year; as many as 47% of businesses have received a fraudulent or suspicious invoice in the past year, according to recent research by invoice platform Tungsten Network.
Fraudsters rely on the fact that people who work in finance are busy people and will exploit this in the hope that you won’t notice details that aren’t quite right.
Also seen in; Computing Security Magazine