The international nature of the moving business makes it particularly vulnerable to the rising cases of digital invoice fraud. In this article, FIDI’s Business Intelligence Manager, Marie-Pascale Frix, explains some practical steps to mitigate the risks.
As the rate of cybercrime increases, FIDI is being alerted at regular intervals of Affiliates experiencing phishing incidents. Recently, there has been a rise in cases involving digital invoicing scams, where fraudsters manipulate payment details, leading to substantial financial losses.
Invoice fraud, also known as ‘fake invoice fraud’ or ‘phishing invoicing,’ happens when fraudsters send a falsified invoice to a company, posing as a legitimate supplier. The invoice may appear to be from a known partner but often contains modified bank account details, leading the unsuspecting company to pay money into a scammer’s account.
Fraudsters may even go as far as calling companies, in your name, in your sector, requesting payments for your company’s invoices to be made to a different bank account – this was recently experienced by a FIDI Affiliate.
These schemes are often sophisticated, so even seasoned professionals can fall victim to them. But there are some straightforward steps your company can take to protect yourself.
Recognising the threat:
The first line of defence is to understand how invoice fraud occurs. Typically, fraudsters target businesses with tactics such as impersonating suppliers by hacking or mimicking email addresses, altering payment instructions, or timing their attacks during busy periods. Once the payment is made, recovery is often extremely difficult, making prevention essential.
Some best practices:
- Use verification protocols: Verify financial changes with known contacts at the supplier’s office via a verified phone number.
- Implement dual approval: Require multiple layers of approval for significant payments.
- Train employees: Regularly educate staff to recognise phishing attempts and unusual payment requests.
- Use secure payment platforms: Adopt systems with verification mechanisms and multi-factor authentication.
- Monitor and review payments: Establish procedures for reviewing outgoing payments and auditing for irregularities.
- Update security software: Ensure email and financial systems are protected with up-to-date software and firewalls.
- Report fraud early: Notify your bank and authorities immediately if targeted.
- Get cyber insurance: A robust policy can mitigate the financial impact of fraud.
What to do if you are a victim:
Despite precautions, fraud may still occur. If targeted:
- Contact your bank immediately to attempt a payment reversal.
- Notify your supplier of the fraudulent activity.
- Report the incident to authorities promptly.
Who is liable for invoice fraud?
In most cases, the debtor remains liable for the original payment until the creditor receives it. Legal proceedings may determine responsibility if the creditor’s systems were compromised.
Vigilance is vital:
Relocation companies, which handle large sums and operate globally, are particularly vulnerable to digital invoice fraud. By fostering a culture of vigilance and implementing robust practices, businesses can significantly reduce their exposure to these threats.
For more detailed guidance, visit FIDI’s cybersecurity resource centre at fidinet.fidi.org/resource-pages/cybersecurity.
