Invoice fraud becoming a significant problem

Invoice fraud involves deceptive practices that trick businesses into making payments to fraudulent bank accounts.  It is estimated to affect one in three companies at a cost of £50.3 million in 2023.

As fraudsters’ techniques become more sophisticated, businesses must understand their tactics and the potential impact on operations.

Some common techniques used by fraudsters include: 

  • Fake invoices: Fraudsters create counterfeit invoices that appear legitimate. They might use details from a genuine supplier including their logo, making it difficult to distinguish between real and fake invoices. 
  • Business email compromise (BEC): In this technique, fraudsters hack into or spoof a legitimate business email account. They then send emails that appear to be from trusted suppliers or senior executives, requesting urgent payments to new bank accounts. 
  • Phishing attacks: Fraudsters use phishing emails to trick employees into divulging sensitive information, such as login credentials or financial details. This information is then used to carry out fraudulent activities. 
  • Change of bank details: Fraudsters pose as legitimate suppliers and inform companies of a change in bank account details. Unsuspecting employees then update the payment information, redirecting funds to the fraudster’s bank account. 

While these may seem fairly simple tricks, they are often elaborate and complex with many underlying layers of deception. One only needs to recall the £20 million deepfake scam that affected Arup in May. 

One common thread is that the payment will nearly always be urgent meaning the potential victim feels pressure to make it immediately. 

The effects of invoice fraud 

Invoice fraud leads to immediate financial losses due to payments to bogus bank accounts which are nearly always impossible to recover. It is unlikely that such losses will be covered by insurance and, whilst Action Fraud can provide a crime reference number, it is doubtful any investigation will follow.

Whilst an internal investigation should be undertaken to understand the circumstances which led to the loss to prevent it from happening again, any further investigation could prove uneconomic.

The biggest impact could be to reputation, eroding trust among clients, suppliers, and stakeholders and may lead to legal consequences, including fines and regulatory scrutiny.

Strategies for mitigating the risks 

We recommend protecting your company from invoice fraud, by implementing the following strategies: 

  • Policies and procedures: Ensure that your procedures cover what should be done when a supplier requests a change in bank details and that this is communicated to your employees.
  • Employee training and awareness: Educate your staff about the common techniques used by fraudsters, the importance of verifying payment requests and their role in protecting the business’ assets. Regular training sessions is essential to help employees recognise and respond to potential threats and to ensure adherence to the policies. 
  • Verification processes: Establish robust verification processes for any changes in payment details. Always verify new or changed bank account information directly with the supplier using a known, trusted contact method. 
  • Use technology: Implement fraud detection software that can flag unusual payment requests or changes in supplier details. Ensure your email systems are secure and regularly updated to prevent BEC attacks. 
  • Segregation of duties: Divide financial responsibilities among multiple employees. This separation can help detect and prevent fraudulent activities. 
  • Regular audits: Regularly audit your accounts payable processes and supplier information. This can help identify any irregularities or discrepancies that may indicate fraud. 

Speak to our team if you’re worried about this issue. We can help you implement robust financial checks that help to protect you. 

Please get in touch for more information.  

Posted in News, Newswire.