Once obtained, criminals edit and change the name, digitally capture the check, change the pay-to information, and then deposit the funds into their own account. Worryingly, around 4 in 10 companies operating in the States continue to send payment checks in the post, offering an open door to payment fraudsters. Old School ChecksĪlthough invoicing and payments are shifting into the digital sphere, some old-school ways of defrauding companies are still proving popular.Īlbeit a global problem, the interception of mailed checks is particularly prevalent in the U.S. In terms of mitigating this threat, capture technology is one of several cybersecurity solutions that can identify this fraudulent activity-however, for firms that receive hundreds of bills daily, it can be difficult to avoid one or more slipping under the radar. Perpetrators can operate from both within the vendor company and the paying company, as well as malicious actors from the dark web who are able to capture invoice information. The key is changing as little as possible-just enough so that when the invoice is received, finance teams automatically trust the source and simply view the exercise as updating their system with new banking details.Ĭompanies also need to be aware of the fact that this type of scam can be facilitated by multiple sources. In contrast to the illegitimate vendor scam, cybercriminals can also pose as genuine vendors but with subtle differences in invoice information.įor instance, they may make a slight change to remittance information such as company address, ACH routing number and email address. In addition, third parties can be used to verify legitimate companies. Ideally, finance and accounts payable departments will operate with a system that ensures multiple people within the firm oversee which vendors are on the payable list. How is this allowed to happen? Put simply, it occurs when businesses do not have adequate processes in place to properly vet and set up vendors on their systems. This is one of the most popular scams out there-it is all about small value but high volume to bypass the approval process. By this, vendors that are not legitimate will get into an organization’s system and submit invoices that are of a low enough dollar amount to simply be approved without any questioning. Invoice scammers often start off with what could be considered low-hanging fruit. That said, it is important that finance teams are aware of three particularly common examples, which I will briefly outline here. There are many attack methods currently being deployed, and as invoicing technology changes, so too will the means through which fraudsters operate. We can start by spreading awareness of what sort of scams are most commonly adopted by invoice fraudsters.īusinesses the world over are moving to digital payment mechanisms thanks to a combination of convenience, available technology and mandates from governments around electronic invoicing and taxation.Īs a result, cybercriminals are tapping into new avenues to defraud businesses out of their hard-earned revenues. No organization is immune, and if the problem is to be tackled in a meaningful way, we must start to increase knowledge of invoice fraud and hold frank and open discussions about the problem. Invoice fraud is occurring every hour of every day, but there is a general reluctance to talk about it because it hurts brands and has the potential to harm supplier relationships. Indeed, the problem is not going away-if anything, based on our knowledge and experience in this domain, it is becoming even more rampant.
0 kommentar(er)
