SMEs have been warned to be on the lookout for fake invoices after more than 700 businesses reported that they had fallen victim to the scam in the first half of this year. The summer months in particular are proving to be exceptionally profitable for the scammers.
The worrying increase is thought to be down to scammers taking advantage of the fact that many businesses most experienced staff are away for their summer breaks and leaving less experienced colleagues to deal with invoices. As a result, these staff members are more likely to miss an attempted scam.
The scam sees cyber criminals posing as a supplier to the targeted business. If the initial scam is not noticed then the fraudsters will attempt to get hold of sensitive information; with account details for invoices being the most sought after prize. An unfortunate staff member may be tricked into doing so, only for it to be revealed later that the business has been sending money to the scammer rather than the real supplier.
SMEs need to train their staff to be able to spot fraudulent and fake invoice requests. Internal security is just as important as external. As well as that, they also need to be aware of disgruntled staff inside the business. An unhappy employee could be assisting the scammers by feeding them information.
Businesses of any size are at risk from this type of scam, but SMEs are more vulnerable to the consequences. Hackers and cyber criminals are increasingly focusing their attacks on SMEs as larger organisations are often seen as tougher targets.
The impact of such a scam on an SME should not be underestimated. A small business is likely to find it hard to recover from such a security breach.
How to Defend Against Fake Invoice Scams
By educating all members of staff that this type of fraud exists is vital. Scammers rely on people’s ignorance to get a way in. During holiday periods ensure that all temporary staff are also briefed and told to keep an eye out for any suspicious invoice requests.
Always check that an invoice request is from a genuine supplier before paying and always use established contact channels when dealing with them. If the supplier is using a personal email address do not respond.
Check invoices for any obvious spelling mistakes. If a supplier’s name is misspelt then the invoice could be from a scammer. Also, when making large payments make sure that you contact the supplier beforehand to make sure you have the correct bank account details.
As well as these measures, the business needs to take internal and cyber security seriously. Ensure that your devices have the latest patches and anti-malware software installed and ensure that no sensitive documents are left lying around unattended.
Don’t become a target or victim of cybercrime. Seek the advice of the professionals such as those at PGI Cyber.
Your free global geopolitical
PGI’s Risk Portal tool provides daily intelligence feeds, country threat assessments and analytical insights, enabling clients to track, understand and navigate geopolitical threats.
The Risk Portal gives users up-to-date information and analysis on global affairs.
The Risk Portal allows users to visualise information in a unique and instantly understandable way. Mapping filters enable the visualisation of incidents by threat category, time period, perpetrator and target type.
Risk Portal users can upgrade their accounts to include the Report Builder and Country Profile Generator features. The Report Builder allows users to select information, data and images from the Risk Portal and create bespoke reports and emails.
Subscribers to PGI’s Bespoke services receive tailored analysis on specific sectors and geographies of interest, delivered at a frequency they determine.
Subscribe to our Cyber Bytes Newsletter
Keep yourself in the loop with PGI by signing up to our Monthly Cyber Bytes email. You will receive updates, tips and narrative around what has been happening in the world of information security.