Invoice fraud occurs when a fraudster attempts to change the payment details of a supplier in order to deceive the company into sending the money to the fraudster. Fake invoices are generated with knowledge about the relationship between the buyer and the supplier regarding payments.

Phishing attacks are one of the most popular methods hackers use to perform these illegal activities. The fake invoice can be sent through a phishing email to trick the recipient into changing the payment information to send the money to the attacker.

Knowing what invoice fraud is, how it is carried out and why it is on the rise is important to protect your business.

Invoice fraud during the pandemic

Online crimes as a whole have increased during the coronavirus pandemic; this is largely due to the increase in telecommuting. Employees working from home are physically isolated from co-workers and are more likely to process fake invoices rather than running them by their counterparts.

However, it is not just the physical separation that can allow a fraudulent invoice to slip past a good team member. The stress and anxiety around the coronavirus can cause their focus to be somewhere other than work.

Even the most seasoned employees can be fooled by fake invoices due to the ease of spoofing email addresses and gathering information about supply chain companies. Nobody is immune from becoming a victim of invoice fraud; even big companies with a large security budget are vulnerable to attacks.

According to Business Wire, business email compromise (BEC) attacks have risen 200% during a one-month timeframe in the midst of the pandemic; seventeen percent of these cases were fraudulent invoices and payment fraud cases.

The FBI reported that the cost of BEC-related incidents cost companies over $12 billion in 2018, and the total is expected to increase to over $26 billion this year. To help you identify common types of invoice fraud, here are three examples that occurred in 2020.

1. Shark Tank investor defrauded for almost $400,000

In February of this year, the well-known investor on Shark Tank, Barbara Corcoran, lost over $388,000 from invoice fraud.

A fraudster used a spoofed email address to deceive Barbara’s bookkeeper into wiring the money. The scam was discovered when the bookkeeper copied Barbara’s assistant in the reply email.

The spoofed email address was off by one letter, making it difficult to detect the fraudulent activity.

2. Amazon defrauded for $19 million

Even the biggest companies can be fooled by invoice fraud. Amazon recently became the victim of invoice fraud, when the company paid over $19 million for items that were never purchased.

Four brothers manipulated data in Amazon’s vendor system to make the illegitimate payments. They set up a fake wholesale business and sent an extreme overage of items that were different from what they reported, and invoiced Amazon for the amount.

For example, Amazon purchased a 12-pack of disinfectant spray for $94 per pack, but the scammers sent over 7,000 toothbrushes at $94 each, resulting in a $658,000 invoice for Amazon.

3. PayPal customers sent frauduent invoices

Customers of the payment transaction giant, PayPal, were sent fake invoices through PayPal for COVID-19 and wildfire relief for families. These were not requests for donations but were actual invoices that appeared to require payment.

How to protect your business

Attackers have the ability to gather real data about suppliers and can spoof even the savviest of employees. To prevent fake invoices, the right technology with the right configuration is needed.

Some solutions are cumbersome and the effort required to produce results either outweigh the cost or are not humanly possible. Most software programs used to detect these attacks apply rules that will trigger an alert when one of these rules is violated.

To protect yourself against any threat, you must stay at least one step ahead of your opponent.

Deep learning is a technique that teaches a computer to respond to a situation in the same way a human would but without the limitations of a human mind. Deep learning can be taught to recognize and classify all types of data, including patterns of malicious actions.

Get started

Rule-based solutions can be bypassed with the right knowledge; you must use a dynamic solution that can recognize a threat before you do. As the sophistication of the attacker’s techniques increase, the methods you use to protect your business must also advance.

To move past the traditional approach of defense, you need a technology that includes:

  • A data partnership that connects your business with multiple like business partners that share data about threats in their systems. This form of intelligence sharing can help to identify and flag malicious actors that have attacked other entities.
  • Deep learning that can classify and track multiple pieces of data across countless transactions to identify patterns of fraud.
  • The ability to track fraud actors and their relationships with other bad actors to stay aware of threats. Criminal organizations often work together. If you are able to identify a relationship between a seemingly legitimate transaction and a bad actor, you could prevent a huge loss to your company.

To learn more about the benefits that can offer you, check out the Email Shield and try us for free.