Every day, more than 400 businesses are targeted by business email compromise — with a range of tactics designed to exploit vulnerabilities within accounts payable systems and processes. According to Symantec 2017 Internet Security Threat Report, fake invoices are the No. 1 type of phishing scam for businesses, and spear-phishing emails (also called “whaling”), which involve using spoofed emails to impersonate executives or authorized purchasers, are on the rise.
Even if you have tight controls on cybersecurity, phony invoices could still be coming through your system. Whether you’re running a small business or a large firm, there’s always a risk for human error. That’s why con artists use tactics that are increasingly difficult to detect.
Detecting fake invoices
It’s a common scenario: Someone in your organization receives an urgent email regarding an overdue invoice. The message appears to be from an approved vendor, and the recipient is instructed to pay now to avoid disruption of service. The invoice is passed through for payment and doesn’t raise any red flags. The scam could go undetected for a number of months — especially if the invoices appear to be legitimate and the amounts are small — resulting in hundreds or thousands of dollars in fraudulent payments.
Here are five tips to educate employees and avoid falling victim to fake invoice fraud:
Fraud protection starts here
With a combination of internal best practices and using Positive Pay and other fraud detection and control systems, you may be able to prevent or limit financial losses from fraud. We offer ACH Positive Pay with blocks and filters so you can designate which businesses are legitimate trading partners and monitor your accounts for ACH fraud. Contact your business banker at California Bank & Trust to learn more about how we can help you fight fraud[cite::171::cite] [cite::172::cite].