Cybercriminals are targeting businesses with a new scam that uses fake invoices to trick the business into paying money.
Because the invoices look convincing and arrive from a legitimate-looking email address, busy finance teams can struggle to distinguish them.
Worryingly, this type of scam is on the rise. According to the Scamwatch, Australian businesses lost $2.8 million to this activity in 2017 and almost $5 million in 2018. One medium-sized business alone reported losses of $300,000.
Some businesses more vulnerable than others
Subject matter expert at Upstream Solutions Jai Dyer says some businesses are more vulnerable than others, depending on what processes they have in place.
“Businesses that manage their accounts payable processes manually are particularly susceptible to scams like these.
“The reason is it becomes almost impossible to physically check the veracity of each invoice as it comes through. Paying duplicate or fake invoices can cost companies significantly. So it’s essential to put a process in place that protects the business against this type of mistake.”
A fake invoice works because it usually includes all the information the finance team would expect to see. This includes purchase-order numbers, legitimate-looking line items and reasonable amounts. In other words, they’re unlikely to raise a red flag on a cursory inspection. However, as soon as someone crosschecks those invoices against purchase orders or approved expenditure, they quickly realise they’re fake.
Automated accounts payable
According to Upstream, businesses should consider an automated accounts-payable system to protect themselves against scams. Such systems do the checking for them and streamline the process so that businesses only pay the authentic invoices.
An automated system picks up a fake invoice instantly. This is because it automatically checks the details in the invoice against information in the business’s database. It then flags any discrepancies or duplicates, triggering a workflow for double-checking. These invoices don’t enter the payment cycle for approval until they’ve been verified, says Upstream.
“This process works because it means finance teams don’t have to manually check every invoice,” Mr Dyer said. “Those invoices that are clearly legitimate are processed through an automated workflow that doesn’t require human intervention. Payment is approved according to pre-set rules in the system.
“This frees up the finance team to pay more attention to the exceptions, not all of which will be fake invoices. However, the chances of a fake invoice slipping through the system are negligible.
“Businesses can save significant amounts of money on fake invoices by implementing an automated accounts-payable solution.”