Be Vigilant and Watch Out for Fake Invoices

Today Translations advisory board member David Clarke, a Trustee of the UK Fraud Advisory Panel charity, has backed the call for companies to be on the look-out for criminals who try to steal money by submitting fake invoices, or by pretending to be clients and asking for bank details to be changed.

The nature and extent of the problem were highlighted following new research conducted by cloud expenses company Concur, who looked at the invoicing practices of 500 companies. They discovered that over 20 per cent had received fake invoices and three per cent admitted to paying falsified demands.

Commenting in this week’s Accounting Web, David said that fraudsters have “gone back to old tried-and-tested techniques like social engineering, with humans being the weak link”.

I asked David, who is the former police chief responsible for the National Fraud Intelligence Bureau, what companies, large and small, should be doing to protect themselves from invoicing fraud.

He recommends that businesses adopt what he calls ‘Counter-Social Engineering Measures’. These are traditional practices based on knowing your customer and being aware of the tricks that scammers use to befriend and then dupe victims into doing things like paying fake invoices or changing company details, such as bank accounts.

His top five tips are:

1. Be polite and trust customers but double check facts. Ask yourself why are they communicating from a phone number or email that is different to the one on our customer database?

2. Watch out for callers who are especially friendly or impatient/aggressive. It’s a popular tactic to sweeten or scare you into doing something quickly without checking or following company procedures.

3. When a customer you don’t know very well is especially friendly or hostile, don’t get drawn in and never give them details about yourself/family/friends, nor company information regarding clients. Create space by politely saying you’ll call them back. Use this time to check who the caller is.

4. Don’t be fooled by email addresses. The email and even the style of the content might look like it came from your CEO, but it could easily be a fake email attempting to hack your computer with a virus such as ransomware. This is very dangerous and is called ‘spear phishing’.

5. Make colleagues and friends aware of the social engineering techniques that criminals use. People are vulnerable to fraudsters outside work too, as recent tragic cases of online dating fraud have shown. Your warning may do them a big favour.

By taking these simple steps, you’ll be protecting your company from fraud, preventing criminals from getting rich, and may even be saving your friends from the awful embarrassment of being caught up in a painful social engineering trap.

For David Clarke’s tips on how to spot a fake company, see How to spot a bogus business from a reputable one.

To protect companies from the inherent risks of fraud in multilingual communication and to help compliance officers in regulated professions to identify money laundering risks, we developed the AMLiss™ service. Click here to find out more.