In the last few weeks, our team has noticed a significant uptick in the number of fake invoice emails that are coming into our organization. As an IT company, if we are seeing it, we know for certain other businesses are being targeted as well.
How Can I Identify a Fake Invoice?
Who Do You Think You Are. The invoice comes from a vendor you haven’t purchased from. We have been seeing a ton of this. An invoice comes through indicating that they will charge your credit card in a few days, and that if you want to cancel or feel it is a mistake, you should call them. This is a classic ploy to get the customer to call, and once they have you on the phone, they can either convince you to get on a remote session with them or obtain your banking details.
I Know You. The invoice is from a vendor you do business with, but that doesn’t mean you should let your guard down. Always check the email address. If it is fraudulent, a few characters might be off. Also, if the requested time frame is short, be cautious.
I Just Met You. Be careful when you are paying a vendor for the first time. The supplier could have been hacked themselves, and you have no history of previous invoices to compare against. Businesses that do project work, and manufacturers, are especially susceptible to this type of scam because they often pay very large one-off invoices to vendors.
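The "a few characters might be off" check from the I Know You item can be automated on the mail or accounts payable side. The sketch below is an added example, not something from the original article: the vendor domains, the confusable-character table and the function names are all constructed for illustration. It flags a sender whose domain is close to, but not exactly, a domain you already pay.

```python
from email.utils import parseaddr

# Constructed allowlist: domains of vendors the organization actually pays.
KNOWN_VENDOR_DOMAINS = {"acme-supplies.example", "northwind-parts.example"}

# Illustrative character swaps that make a fake domain read like the real one.
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))

def skeleton(domain):
    """Collapse look-alike characters so visually similar domains compare equal."""
    s = domain.lower()
    for fake, real in CONFUSABLES:
        s = s.replace(fake, real)
    return s

def edit_distance(a, b):
    """Edits (insert, delete, substitute, swap adjacent) needed to turn a into b."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            # Adjacent transposition, e.g. "nid" typed for "ind".
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify_sender(from_header, max_distance=2):
    """Return (verdict, matched_vendor_domain) for a From: header value."""
    # The display name can say anything; only the address itself is compared.
    _, addr = parseaddr(from_header)
    _, at, domain = addr.rpartition("@")
    domain = domain.lower()
    if not at or not domain:
        return ("unparseable", None)
    if domain in KNOWN_VENDOR_DOMAINS:
        return ("known", domain)
    for known in sorted(KNOWN_VENDOR_DOMAINS):
        if (skeleton(domain) == skeleton(known)
                or edit_distance(domain, known) <= max_distance):
            return ("lookalike", known)  # hold the invoice for manual review
    return ("unknown", None)
```

A "known" verdict only means the domain string matches; a From: address can be forged and a real vendor mailbox can be compromised, so the call-to-confirm step still applies.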
What Should I Do?
Small businesses can grow at such a clip that they begin adding personnel to key positions before well-thought-out processes have been documented. This is one area of your business where processes must be in place and well communicated.
Social Engineering. Cybercriminals are watching social media sites such as LinkedIn for junior or newly hired staff members. These team members tend to be eager to please or just don’t know any better. Make sure that part of your employee onboarding is training on your accounts payable process and authorization protocols.
Click Worthy. One of the most effective strategies that hackers are using is the invoice attachment. If an invoice is attached as a PDF, Word, or Excel document, be cautious. Malicious files can be hidden in these attachments. Your organization will be better off using a trust-but-verify approach. When in doubt, call the source to confirm before opening any attachments.