Invoice emails – the new Trojan horse during Covid-19

24th Jul 2020
Brought to you by MyDocSafe

Invoice emails are said to be the latest vehicle for tricky fraudsters and are getting increasingly hard to detect.

These types of attacks are called BEC (“Business Email Compromise”) and, according to the FBI Internet Crime Report, cost $1.77bn a year. The UK is second in the world in terms of losses. Attacks and insurance claims are skyrocketing.

The mechanism is very simple: get hold of the email password of someone important in a company, such as a CFO, learn how they operate, and combine social engineering with insider knowledge to inject fraudulent invoices into the email flow. Some fraudsters use deepfake technologies, making bogus phone calls that impersonate the CEO’s voice with machine learning algorithms to persuade the finance department to make payments.

The traditional protection methods such as training (simulated phishing attacks) or enforced re-authentication (changing passwords or 2nd factor authentication) are worthless if an employee receives an email or a phone call from their boss or the CEO.

New types of defences that are being developed include machine learning algorithms that scan the contents of emails to flag any unusual behaviour. A potentially more robust and cost-effective method might be a proper business process which requires proper supplier authentication, countersigning of requests and rigorous maintenance of supplier bank details.

This is the area where MyDocSafe can help, with a mix of blockchain and workflow technology that makes the process resilient to most attacks. The process is based on the immutability of blockchain, which makes changes to supplier databases hard without the collusion of multiple actors, both on the inside and outside.

To find out more – take a look at our accounts payable solutions including the white paper which describes the system in more detail:


Source: Raconteur, 23/07/2020