Invoice fraud is a relatively new type of scam where scammers pretend to be a partner, attorney, or supplier of the company. It is also known as Business Email Compromise (BEC) or Man-in-the-Email (similar to Man-in-the-Middle).

Invoice Fraud and How To Protect From It

How does it work?

  • First, scammers use social engineering to learn the names of executives and partners of the company, and their email addresses.
  • Then they send emails that look like they were sent by an executive, supplier, attorney, or lawyer who works with the company.
  • These emails usually request an urgent wire payment for the attached invoice (wire transfers are not easily reversible, and in most cases are not reversible at all, so money sent to the wrong account can't be easily returned).
  • The attached invoices are also fake: they may look very similar to invoices that the company received in the past, but they use different payment details inserted by the fraudsters.
  • So, an employee of the company reads this email and makes a wire payment to an account actually owned by a fraudster.
  • The wire goes to the wrong address, and it takes days or even weeks before this is discovered.

Why are fraudsters successful with this fraudulent scheme?

Because fraudsters use the following tricks:

  • They pretend to be a high-profile CEO or top executive, a company lawyer, or a company partner. Sometimes they use hacked mailboxes or create fake email addresses that look very much like the original one.
  • They request that money be sent urgently, in most cases at the end of the day or workweek, when everyone is tired.
  • Unfortunately, there is no way to automatically detect these fraudulent emails because they don't contain any virus or malware.

How to protect against these fake invoices?

  • Tell employees responsible for payments about this type of fake invoice. Train them to verify all the details in invoices carefully.
  • Automate invoice verification and processing. You can implement an automatic check for correct details in invoices using automated tools like PDF.co that can read invoices and verify data using search or AI-based data extraction.
  • Enable 2-factor authentication for mailboxes where possible. If it is not supported, then make sure that strong passwords are used and updated once every six months.
  • You can also enforce rules to pay by check only or by credit card because these payments are protected by banks and can be easily recalled.
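The automatic check for invoice details mentioned in the list above could look like the following. This is an added example, not code from the original article or from PDF.co. It assumes the invoice fields were already extracted into a dict by whatever tool you use, and that a vendor master file holds payment details confirmed out of band; all names and sample data are constructed.

```python
import re

# Constructed vendor master file: details confirmed out of band (hypothetical data).
VENDOR_MASTER = {
    "Acme Supplies Ltd": {"iban": "GB82WEST12345698765432",
                          "email_domain": "acme-supplies.example"},
}

def normalize_iban(value):
    """Strip whitespace and upper-case so formatting differences don't matter."""
    return re.sub(r"\s+", "", value).upper()

def iban_checksum_ok(iban):
    """ISO 13616 mod-97 check. Catches typos only: a fraudster's IBAN is valid too."""
    iban = normalize_iban(iban)
    if not re.fullmatch(r"[A-Z]{2}\d{2}[A-Z0-9]{11,30}", iban):
        return False
    # Move the first four characters to the end, map letters to 10..35.
    digits = "".join(str(int(c, 36)) for c in iban[4:] + iban[:4])
    return int(digits) % 97 == 1

def verify_invoice(fields, master=VENDOR_MASTER):
    """Return reasons to hold the payment; an empty list means the details match."""
    vendor = master.get(fields.get("vendor_name", ""))
    if vendor is None:
        return ["vendor not in master file"]
    findings = []
    iban = normalize_iban(fields.get("iban", ""))
    if not iban_checksum_ok(iban):
        findings.append("IBAN fails checksum")
    if iban != vendor["iban"]:
        findings.append("IBAN differs from vendor master record")
    sender_domain = fields.get("sender_email", "").rsplit("@", 1)[-1].lower()
    if sender_domain != vendor["email_domain"]:
        findings.append("sender domain differs from vendor master record")
    return findings

# Constructed samples: a matching invoice, and one with a valid but different IBAN
# sent from a lookalike domain ("suppiies" instead of "supplies").
SAMPLE_LEGIT = {"vendor_name": "Acme Supplies Ltd",
                "iban": "GB82 WEST 1234 5698 7654 32",
                "sender_email": "billing@acme-supplies.example"}
SAMPLE_FRAUD = {"vendor_name": "Acme Supplies Ltd",
                "iban": "DE89 3704 0044 0532 0130 00",
                "sender_email": "billing@acme-suppiies.example"}

if __name__ == "__main__":
    for name, sample in (("legit", SAMPLE_LEGIT), ("fraud", SAMPLE_FRAUD)):
        print(name, verify_invoice(sample) or "OK")
```

Any finding should hold the payment until the vendor is reached through a previously known phone number, not through contact details taken from the email or the invoice.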

Be careful and implement automatic invoice reading using the PDF.co solution for automatic data extraction and verification.

You can see how to detect fraud with PDF.co Document Parser HERE.

 
