Cybersecurity and Fraud Protection
3 Tips for Battling Invoice Fraud
Criminals frequently use invoice fraud involving third-party suppliers and vendors as a way to redirect payments to fraudulent bank accounts and steal funds. Here are some best practices to help protect your organization.
1. Designate a Specific Contact Person
Establish a designated point of contact with a third-party supplier. That contact will coordinate regular payments with the company and will answer any questions about invoices.
- Implement a dual approval or multistep validation and verification process.
- Verbally confirm banking details before initiating payments. Inform the supplier after an invoice has been paid and request confirmation of payment.
2. Be Vigilant
Direct employees responsible for processing payments to remain vigilant and watch for changes to payment instructions, particularly banking details, as well as invoiced amounts or a sense of urgency from the sender.
- Verify all changes to outstanding payment instructions by implementing a callback process using a known telephone number.
- Be vigilant in checking for spoofed emails that appear to be sent from a known source. Criminals may create a fake look-alike email domain to pose as a trusted sender, e.g., @deanco LLC.com can appear similar to a known vendor @cleanco LLC.com.
- Check bank statements carefully. Report all suspicious debits immediately.
3. Protect Your Personal and Business Information
Cybercriminals often conduct extensive online and offline research to identify vendors and third parties with whom you work.
- Remove extraneous information from the company’s website, social media channels and other publicly available materials.
- Be prudent in what employees share about roles and responsibilities via social media.
- Never leave sensitive materials—such as invoices, account information and client data—unattended.