Share this content

Fake invoices leave businesses at risk

2nd Dec 2015
Share this content
fish hook on computer keyboard

While being duped by fake or duplicate invoices remains a concern for finance professionals, according to recent research businesses remain exposed to such risks, with a failure to ensure that invoices always come in to the same place before being approved and an ‘it won’t happen to me’ attitude cited among the main reasons.

The research, conducted for cloud expenses company Concur, examined the supplier invoicing practices of 500 companies, found that over one fifth of companies had received fake invoices, while 3% of companies admitted to actually paying falsified demands.

‘Little hope’ of getting money back

Commenting on the study Chris Baker, UK Managing Director of Enterprise at Concur said: “if only 3% know they’ve paid a fraudulent invoice, how many more companies have absolutely no idea and have paid, or are still paying, fraudulent invoices?

“Once companies have paid the invoice, there is little hope of getting the money back, but it’s not just about the initial outlay, businesses will be falsely reclaiming VAT and are at risk of penalties, plus investigation if HMRC deems that their processes are at risk.

Katy Worobec, Director of Financial Fraud Action UK added: “Criminals target businesses because they know successfully scamming a company can potentially net them far more money than they could steal from an individual.

“Fraudsters know businesses are used to processing many kinds of payments and so a simple request to change invoice details or provide financial information has a chance of deceiving an accounts department.”

Fraudsters back to ‘tried-and-tested’ techniques

David Clarke, trustee director of the Fraud Advisory Panel believes that invoice fraud is changing because of the measures many firms have put in place protecting data and security.

Clarke said that the fraudsters have “gone back to old tried-and-tested techniques like social engineering, with humans being the weak link.

“If you can’t get an insider then try to get people to trust you,” continued Clarke, “and then you can hit them with ‘we’ve just changed our details’ or ‘moved our account’. People are often just too busy to notice.

“The change has come about because other measures have been successful, so they’ve now got to get clever and go back to the old methods.”

Concur’s Chris Baker added: “The fact is that invoicing is still very much a manual process and people won’t get it right all the time. If a scammer gets a fraudulent invoice past your finance team once, they’ll chance their arm until you stop paying. It’s not unlike phishing in the sense that once a weak spot has been identified it will be exploited time and time again”.

Call back, share information

To avoid falling victim to the fraudsters Katy Worobec from Financial Fraud Action UK recommends you should “be on alert if you receive a call or email out of the blue asking you to update any payment details. If you’re ever in doubt about a request or an invoice, ring back the company on a number that you know, and ask to be put through to a person who you have spoken to before.”

 “The villains actively look for someone who’s gullible,” said Fraud Advisory Panel’s David Clarke. “If you have measures in place they move on to the next business. Firms that are savvy about this pick up on it quickly.

“Put information out regularly, I recommend weekly or monthly meetings for anyone in a customer-facing role to share information about potential attacks with members of staff. You don’t have to go on a half day training course to learn this.”

Duplicate payments among ‘deepest concerns’

The Concur study also found that one in three organisations are aware that they have paid duplicate invoices. This issue becomes more widespread as organisations grow, with 59% of firms of between 1,000 and 2,999 employees paying duplicates.

Duplicate invoices were considered more worrying than fraudulent ones, with 34% of respondents citing duplicate payments among their deepest concerns, while only one in five of those surveyed list fraud as a concern.

Has your firm received fake or duplicate invoices, or does your company have a dependable system to deal with these sorts of issues?

Replies (3)

Please login or register to join the discussion.

By slarti
04th Dec 2015 13:19

"over one fifth of companies had received fake invoices"

Only 1/5th?

I can't remember at time when fake invoices were not arriving at companies I worked for.

I would suspect that their research is flawed if they find only 1/5th have received them.

And as for duplicates being paid, don't their accounting systems check for duplicate invoice numbers from the same supplier? Aren't they matching invoices to orders?

Thanks (1)
By Tom Herbert
04th Dec 2015 13:40

When I spoke to David Clarke at the Fraud Advisory Panel about the research his reaction was roughly the same. I'm guessing it's only 1/5th of companies who actually admit to receiving them!

Thanks (1)
By Sarah Rutherford
09th Dec 2015 12:06

Reliable Solution

Hi all

Generally higher awareness is the best solution, however we can now help businesses with this problem as we have a solution that confirms the bank account details of your suppliers. You enter the bank account data provided (or for large volumes we can integrate with your systems) and our system checks it against the information we have on the ownership of business bank accounts to return a likelihood that the bank account belongs to the company you wish to pay. Making this check can help prevent payment being made to these scammers without you having to carry out investigation with your suppliers. 

Thanks (0)