You’ve invested sweat equity to build your business. Now, the hard work is paying off.
It’s time to take the next step: Protect yourself.
Invoice and vendor fraud are more common than you’d think. In fact, two giant tech companies were really stung by fraud schemes that cost close to $128 million.
Again, a little vigilance and proactive measures can go a long way.
“Business email compromise continues to be the number one fraud vector in the industry, and the impersonation of vendors is a leading component of the fraud,” said Jeff Taylor, head of commercial fraud forensics for Regions Bank. “Validating email requests to make a change in payment terms by calling your vendor contact at a known number only takes a few minutes and could result in avoiding a significant loss.”
Staying safe is a matter of staying ahead. Consider creating this four-step process to avoid invoice and vendor schemes:
- Validate payment requests received via email. Call the sender at a phone number known to you and verify the request or change
- Establish partnerships with like businesses to share data about threat occurrences. This form of intelligence sharing can help to identify and flag malicious actors that have attacked other entities
- Provide an employee education and awareness program to keep employees up to date on the latest fraud techniques and threats
- Use email with artificial intelligence (AI) to help your accounts payable department assess which emails are legitimate and include a warning banner to proceed with caution
To stay safe, first recognize the most common invoice and vendor schemes:
- Criminals impersonating vendors — A fraudster obtains login credentials and takes over one of your vendors’ email accounts by impersonating a likely entity such as a financial representative, technical support, fraud operations or an auditor. The fraudster then sends payment requests from the legitimate email account, but any money will be credited to the fraudster’s account.
- Fake invoices for inexistent services — A common invoice fraud technique takes advantage of busy accounts payable departments. The fraudster might use information that leads you to believe the invoice was generated from one of your vendors or bill you for goods and services that were never requested or received.
- Double payment/billing — An accounts payable employee who falls for a double payment scam will end up paying the same invoice twice. Fraudsters can access information about old invoices through account takeover or by getting internal help, but some merchants might commit fraud by sending the same invoice twice –intentionally.
- Insider threat — Two or more employees working together can implement complex schemes to create and pay fake invoices without raising any red flags. This can result in colossal losses if employees are able to take advantage of the same vulnerabilities repeatedly.
- Vendor fraud — This type of fraud can be difficult to detect, especially for companies who process hundreds of invoices per month. Some fraudulent merchants will send invoices for goods or services you requested and received but will modify payment terms or prices in their favor.