As a small-business owner, you may not feel vulnerable to fraudsters, especially if your venture serves a regional or niche customer base. Flying under the radar doesn’t keep you out of the sights of bad actors, though. In addition to building awareness and safeguards against malware and corporate account takeover, it’s also critical to protect your business against supplier invoice fraud.
How does supplier invoice fraud work?
Supplier invoice fraud occurs when a fraudster presents themselves as one of your trusted suppliers by emailing a fake invoice, hoping you’ll take the bait and send them money. If this seems like a variation of business email compromise and phishing schemes, which we’ve covered before, you’d be correct.
Though we don’t like admitting we can fall for supplier invoice fraud, a scammer’s understanding of human psychology helps them succeed. By using social engineering and impersonation, they can easily convince an unsuspecting contact to release funds.
Scammers recognize you have frequent interactions with key suppliers — those who keep your business operational with raw materials, supplies and inventory. These bad actors are counting on you to lower your guard when you see a familiar contact and company name in your inbox. This familiarity sets up the perfect conditions for trickery.
3 ways supplier invoice fraud lands in your inbox
Invoice scams can vary in degrees of sophistication:
A scammer creates a fake invoice complete with a company logo. These are often companies you’ve never heard of, but they can also appear to originate from a trusted supplier. In either case, it requests payment be sent to a portal or a different mailing address. A closer look can reveal the fakery: a misspelled name, uncharacteristic grammar errors, blown-out fonts and graphics, and invoicing details that are wildly off, such as pricing and services.
Another more sophisticated method to fake out clients is hacking right into the supplier’s email system. Once breached, bad actors use these details to create a convincing invoice knock-off. It may have the originator’s correct email address, due dates, pricing, the goods and services you ordered. This time, they add instructions to send payment to a new address, whether by postal or electronic means.
Finally, invoice scams can be an inside job, whether it comes from your business, the suppliers or one of their other customers. Having access to key details and procedures enables them to create a lookalike, or even a duplicate, that escapes the notice of accounts payable.
Ways to protect your small business from invoice fraud
No one is immune to these attacks. Installing safeguards is your best defense against fraud.
Three-way matching is an effective method for rooting out counterfeit invoices. Before releasing payment, all three of the following documents should be in alignment, including items, pricing and due dates:
- Purchase order
- Receipt of goods and services
Set up a review and approval process for any payments that exceed a specified dollar amount.
Before accepting a vendor’s request to change your payment methods, seek confirmation, particularly if it arrives by email. It can be as simple as a quick phone call.
As allies in business, it’s good to look out for each other. When something seems off, notify your supplier right away. That way, they alert other vendors and nip the scam in the bud.
Intelligent banking solutions from Minnwest Bank
Invoice scams can cost your business much-needed capital, and damage the reputation of your trusted supplier. Protections against social engineering can help, along with cash management tools that offer you at-a-glance, synthesized insights into all your accounts payable.
Minnwest Bank’s cash management services give you the tools you need to streamline your business, but with the security assets to reduce your risk. Learn more by meeting with a commercial banker today.