Because invoices are increasingly sent digitally, the risk of fraud is greater. A frequently used method: fraudsters mail you a fraudulent invoice, with their own account number. How can you recognise this fraud?
Invoice fraud: wrong account number
In the case of invoice fraud, a financial employee of a company is deceived into transferring money onto the fraudster's account. Usually fraudulent invoices are used. For example:
- Els works at the accounting department of a construction firm. She receives an e-mail that appears to come from the company Snellecement, a regular supplier.
- The mail asks for payment of the enclosed invoice, but to a new account number, because Snellecement changed banks.
- The invoice seems to be in order, and Els pays the invoice to the new account number.
- Afterwards, it turns out that the fraudster has falsified the invoice and replaced the normal account number with his own.
- Result: money gone!
How can you recognise CEO or invoice fraud?
In the event of invoice fraud it's actually simple: you have to be suspicious of any request for payment where the specified account number differs from what is in your online banking application. That applies to both private persons and big or small-sized businesses. For small and large amounts.
Take these precautions to prevent CEO or invoice fraud
Some simple precautions will lower the risk of this kind of fraud. A safe procedure when processing and paying invoices, in combination with a healthy dose of distrust, is the best defence. Below is a list of measures that can be taken, both on company level and by individual employees.
As a company:
- Make your employees aware of the fact that such fraud exists and how they can recognise it.
- Ask your staff to always be careful with payment requests and to check them for irregularities.
- Issue internal payment guidelines. For example, you can agree that payment requests by e-mail are subject to a check to verify their authenticity. Or that for payments above certain amounts extra consultation is necessary.
- Check the information on your website. Transparency is good, but too much information is dangerous. Third parties don't need to know who your suppliers are for example.
- Tell your employees not to share too much information on social media.
As an employee:
- Don't trust the e-mail address in the 'From' line. It is very easy to copy! Fraudsters can even make a perfect copy of your supplier's layout and logos in the mail!
- When in doubt, talk to an authorised colleague.
- Work out a guideline to confirm the correct bank account and beneficiary for payments above a certain amount.
- Did you receive a request to change the payment details? Request confirmation of the company in question. Don't use the data specified in the letter, fax, or e-mail you received, but the contact data specified in previous correspondence.
- It is always handy to have a single point of contact in companies you make regular payments to.
- Don't share information about your employer, the hierarchy in your company, the security or the procedures. And be careful with social media!
- Also take note of the general tips in our article about CEO fraud.
Remember: every attempted fraud is an offence. Even if you are smart enough to recognise the fraud, and you do not accept the payment request, you should still report the attempted fraud. This way you put the police onto the fraudsters, and you might prevent others from becoming victims!