Criminals are turning to sophisticated methods of scamming businesses out of money, convincingly posing as regular suppliers to trick them into changing supplier bank account payee details. A recent survey by UK Finance show that fraudsters stole almost £93m from UK firms last year through this type of scam. There were 3,280 invoice and mandate fraud cases involving businesses, while the average payment made was £20,750, showing how costly these scams can be. Invoice fraud typically involves criminals targeting businesses by email, posing as a regular supplier and then making a request for their bank account details to be changed. Firms are then tricked into sending money to an account controlled by the fraudster rather than the genuine supplier. But despite these £93m being lost to invoice fraud last year, over 43% of businesses aren't even aware of it, let alone the threat it poses. Invoice fraud should be major concern and the process of changing the bank details should always be treated with extreme caution. And Barclays, one the largest banks in the UK has released a series of tips to make people stay safe and aware of this type of fraud.
How it works
But before jumping on the tips, let's explain how this fraud method works. Firs of all, a criminal contacts you, posing as a genuine supplier, and asks you to change the bank details you use to pay them. It's not hard for criminals to investigate your invoice details, even down to payment dates, to make their approach look more convincing. The message will often have a sense of urgency, and ask you to act immediately. The fraudulent letters and emails they send are well-written, so the fraud is difficult to spot if you don't have strong operating processes and controls. Email addresses are easy to spoof. If a PC is infected with malware, criminals can access genuine email addresses and take over existing email conversations. Requests made in writing often come on paper with a company's letterhead to make them look convincing.
Four tips to help you stay safe
1. When you get bank account details by email or letter for making a payment, paying an invoice, or as part of for a notice telling you about a change of bank details, always verbally confirm changes by calling a known contact at the company to confirm the request is genuine, using details you have on file and not the ones in the message.
2. Build a process to check new bank details on invoices. Have a clear procedure for making payments in your business, and make sure all your staff know how these scams occur, particularly those responsible for making payments. If you feel pressured or anxious, take your time and ask for help.
3. Criminals can access or alter emails to make them look genuine – hacking real email addresses is on the increase. Do not use the contact details in an email. Instead, check the supplier's official website or documents you know are real. Keep vital security software up to date to help protect your company's devices from viruses and hackers.
4. Help protect yourself against all fraud by making sure we have up-to-date contact details for you and your business. You can update them in your Barclays app, in Online Banking or through your relationship team. As always regarding cyber security matters, common sense and awareness are two essential security tools. Most of these scams can be spotted in advance and can be avoided if measures are in properly in place, both from the technology side and, more importantly, from the human perspective.