How to spot invoice scams that look like they mean business: Internet Scambusters #280

Invoice scams — bills for goods and services you’ve never ordered or received — rake in billions of dollars for fraudsters every year.

Oftentimes they look like the genuine article but are actually phony. They’re not invoices but offers — what the law calls “solicitations” — that you can ignore. Other times they are genuine but either overcharge you or add items you didn’t get.

This week, we explain five of the most common types of invoice scams and show you how to protect yourself. They’re not difficult to spot or avoid — if you know what you’re looking for.

Invoice email scam now targeting Australian businesses

SCAMwatch is warning Australian businesses to beware of an invoice email scam seeking payment re-direction.

The scam involves scammers pretending to be legitimate suppliers advising changes to payment arrangements. It may not be detected until the business is alerted by complaints from suppliers that payments were not received.

SCAMwatch has received reports from Australian businesses that a scam operating in the northern hemisphere has headed down under. Businesses trading overseas – particularly with companies in Asia – are at higher risk of being ripped off by these scams. The United States and Canadian Better Business Bureau and the Internet Crime Complaints Centre (IC3) have both issued warnings about this business compromise scam.

How these scams work

• Scammers hack into vendor and/or supplier email accounts and obtain information such as customer lists, bank details, and previous invoices.
• Your business receives an email, supposedly from a vendor, requesting a wire transfer to a new or different bank account.
• The scammers either disguise their email address or create new address that looks nearly identical. The emails may be spoofed by adding, removing, or subtly changing characters in the email address which makes it difficult to identify the scammer’s email from a legitimate address.
• The email may look to be from a genuine supplier and often copy a business’s logo and message format. It may also contain links to websites that are convincing fakes of the real company’s homepage or links to the real homepage itself.
• The scam email requests a change to usual billing arrangements and asks you to transfer money to a different account, usually by wire transfer.
• The scam may not be detected until the business is alerted by complaints from legitimate suppliers that they have not received payment.

Protect yourself

• Make yours a ‘fraud-free’ business – effective management procedures can go a long way towards preventing scams. Have a clearly defined process for verifying and paying accounts and invoices.
• Consider a multi-person approval process for transactions over a certain dollar threshold.
• Ensure your staff are aware of this scam and understand how it works so they can identify it, avoid it and report it.
• Double-check email addresses – scammers can create a new account that is very close to the real one; if you look closely you can usually spot the fake.
• DO NOT seek verification via email – you may be simply responding to the scammer’s email or scammers may have the capacity to intercept the email.
• If you think a request is suspicious, telephone the business to seek verification of the email’s authenticity.
• DO NOT call any telephone number listed in the email; instead, use contact details that you already have on file for the business, or that you have sourced independently – for example, from a telephone directory.
• DO NOT pay, give out or clarify any information about your business until you have looked into the matter further.
• Check your IT systems for viruses or malware – always keep your computer security up-to-date with anti-virus and anti-spyware software and a good firewall