Business On Line Security

We’re committed to helping you stay safe online. You can also help minimise the risks by being security conscious.

Fraudulent Invoice Payments

Background

There is a growing trend in Ireland in invoice payment fraud whereby the supplier’s beneficiary details are fraudulently altered. This bogus invoice fraud usually involves a genuine invoice being intercepted by unknown means and the beneficiary account details being altered. As a result, the company making the payment is misled to believe that the beneficiary bank account details have been changed and the payment is transferred to a fraudulent account.

The fraud will usually be discovered when the legitimate supplier sending the invoice queries “non-payment”. A number of fraud attempts have been successful as the change of beneficiary account details were not confirmed directly with the source supplier before making a payment.

What Are the Tell Tale Signs?

The counterfeit invoices (and any covering letters) may appear to be printed on company headed paper but are more likely scanned copies from an original document and printed onto paper using a domestic printer so the company logo may appear less sharp and slightly blurred.

Where bank details have been replaced on an original invoice with the fraudster’s bank account details, it may be possible to compare the print against the remainder of the document to identify any alterations. In some cases, where no payee account details are shown on the invoice, the fraudsters have merely typed an instruction to pay funds to a particular account.

How Can You Reduce the Risks?

Although not exhaustive, some examples of action you can take to protect yourself are:

  1. Always confirm change of bank account requests with the Company making the change, being mindful not to use the contact details on the letter requesting the change.
  2. Look out for different contact numbers and e-mail addresses for the Company as these may differ to that recorded on previous correspondence.
  3. Consider reviewing change of account details already acted upon where payment is due at a future date and confirming the authenticity of the request.
  4. Consider setting up designated Single Points of Contact with Companies to whom you make regular payments.
  5. Instruct staff with responsibility for paying invoices to be cognisant of checking invoices for irregularities and checking out their concerns with the Company requiring payment.
  6. Consider setting up a system whereby when an invoice is paid you also send an email to the recipient informing them that payment has been made and to which bank account. Be mindful of account security and consider including the beneficiary bank name and the last four digits of the account to ensure security.
  7. Fraudsters may have found information regarding contracts and suppliers on the victim organisation’s own websites. Consideration should be given as to whether it is necessary to publish information of this type in the public domain as it has been demonstrated that it can be used to facilitate fraud.
  8. For payments over a certain threshold, consider organising a meeting with the company who are requesting payment, and satisfy yourself that payment will be sent to the correct bank account and recipient.

Ways we can help