How to protect yourself from invoice fraud
"There are only two types of companies: those that have been hacked, and those that will be." (R Mueller - FBI Director, 2012).
We urge our clients and those engaging in online business to be extra vigilant as online criminals are becoming more and more sophisticated in finding ways to access businesses online banking and business sensitive information.
Those who regularly receive invoices from a number of sources are at particular risk. Through the sending of fake invoices (a process known in the cyber industry as spear phishing) from what can appear to be a legitimate supplier the fraudsters trick you or your employees into opening the invoice which can have a detrimental impact on your business and your whole supply chain.
What to look out for and easy checks:
Be wary of any unexpected / unusual requests from suppliers
Check basic company information / logo on the invoice.
Cross reference the supplier on the fraudulent invoice with your CRM (Customer Relationship Management) software and Accounts Software (eg. SAGE / Xero) for legitimacy– However this is not a failsafe as the fraudsters may have sent it from one of your supplier’s accounts.
Check the invoice has come from the regular point of contact at the supplier.
The invoice will ask you to enable a macro – don’t! By enabling the macro you are essentially opening the flood gates and your whole network could get infected.
Call the supplier to check if they are aware of the situation and if they have been given any advice.
Ensure you have a firewall in place to detect any malware and prevent data being stolen.
Inform your employees and customers to be wary of the potential threats.
Source: Penarth Management adaptation of Financial Fraud Actions Tips
If you, your customers or your suppliers are the victim of such attacks, please let us know.
Also if you require more information about how you can safeguard your company through the Cyber Essentials government initiative, contact us info@penarth.co.uk / 029 2070 3328