Cybercriminals are targeting businesses with a new scam that uses fake invoices to trick the business into paying money to the scammer. The invoices look legitimate and are often sent from a legitimate-looking email address, making it difficult for busy finance teams to spot the fakes.
According to the ACCC’s Scamwatch, Australian businesses lost $2.8 million to this activity in 2017 and almost $5 million in 2018, showing this type of scam is on the rise. One medium-sized business alone reported losses of $300,000.
Jai Dyer, subject matter expert, Upstream Solutions, said, “Businesses that manage their accounts payable processes manually are particularly susceptible to scams like these because it becomes almost impossible to physically check the veracity of each invoice as it comes through. Paying duplicate or fake invoices can cost companies significantly so it’s essential to put a process in place that protects the business against this type of mistake.”
A fake invoice works because it usually includes all the information the finance team would expect to see, including purchase order numbers, legitimate-looking line items, and reasonable amounts. They are unlikely to raise a red flag on a cursory inspection. However, when those invoices are cross-checked against purchase orders or approved expenditure, it quickly becomes clear that they are fake.
Businesses therefore should consider an automated accounts payable solution that does the checking for them and streamlines the payment process so that only correct invoices are paid. These systems also ensure that invoices are paid on time so businesses can take advantage of early payment discounts and avoid late payment penalties.
An automated system picks up a fake invoice instantly because the process includes automatically checking the details in the invoice against information in the business’s database. Any discrepancies or duplicates are automatically flagged, triggering a workflow for double-checking. These invoices aren’t sent into the payment cycle for approval until they’re verified.
Jai Dyer said, “This process works because it means finance teams don’t have to manually check every invoice. Those invoices that are clearly legitimate are processed through an automated workflow that doesn’t require human intervention. Payment is approved according to pre-set rules in the system. This frees up the finance team to pay more attention to the exceptions, not all of which will be fake invoices. However, the chances of a fake invoice slipping through the system are negligible.”
This process also applies to a variation on the fake invoice scam: the change of bank details letter. Scammers often accompany their invoice with a letter advising the recipient that their bank details have changed. This helps alleviate suspicion around paying the invoice. An automated system will ensure that any changes made to the BSB or account details in the company database triggers a workflow for verification or approval by a manager.
Automated systems also detect and prevent duplicate payments, which is a common error that can cost companies significantly. The solution matches the invoice number and amount with other details on the invoice and automatically recognises invoices that have previously been processed. It then creates an exception report or workflow to identify the invoice, marks it as a duplicate, and removes the invoice from the payment cycle.
Jai Dyer said, “Businesses can save significant amounts of money on fake and duplicate invoices by implementing an automated accounts payable solution. They can also save massive amounts of time by removing the manual burden of this work from finance or administrative staff members, freeing them up to concentrate on more complex and valuable tasks.”