Small and medium-sized enterprises (SME's) can be particularly vulnerable to fraud due to tough economic conditions and limited resources. However, many owners and managers may be unaware of the risks their businesses face when dealing with payments and invoices for suppliers.

.

Here are some examples of how supplier invoice fraud could occur in your business

• A genuine supplier invoice is intercepted and altered to include the account payment details of the fraudster.
• Fraudsters identify businesses that make regular payments to a supplier. The fraudsters make telephone/email contact and submit a change of bank details - this is also known as invoice redirection.
• Fraudsters hack into the email system of a company's supplier. This allows them to create and send invoices from a legitimate email address or account.
• Businesses may fall victim to social engineering where fraudsters impersonate the directors or clients of a business to request the unlawful transfer of funds.

In many cases, the fraud is usually only uncovered when a genuine supplier chases for non-payment.

Here are some tips to help reduce the risk of supply chain invoice fraud and keep your business safe:

1. Conduct due diligence - check the supplier details you have on file, trading name, address, email address and telephone number as well as to conduct online searches.
2. Identify suspicious behaviour - some suppliers will issue the same amount of invoices each month. If there is any change in the usual invoicing pattern, the accounts payable team could confirm these changes with the supplier before further payments are made.
3. Single point of contact - for suppliers where regular payments are made. This person should be contacted to discuss any suspicious invoices.
4. Check every invoice - accounts payable should pay particular attention to supplier names, company logo, invoice numbers, contact information, the amount invoiced, account numbers and bank details to identify fake invoices.
5. Check supplier statements - regular reconciliations against supplier invoices received and payments made can assist in identifying any irregularities.
6. Use a three-way matching process - match the purchase invoice to the purchase order and order receipt this will help to reduce the risk of processing fake invoices.
7. Check the supplier email address - sometimes fraudsters can create an email that is almost identical to that of the original email held by the supplier which can go unnoticed.
8. Confirm bank account details - Adopt a multi-step process to validate the request to change supplier details. This may consist of an email confirmation from a single point of contact for the supplier in question and a telephone call to the supplier landline.
9. Process invoices promptly - to reduce the risk of fraud going undetected for a lengthy period of time. This allows you to identify any business request or transaction that appears suspicious or out of the ordinary and maybe fraudulent.
10. Set a threshold - where payments above this level will mean setting up a meeting with the supplier to confirm any account detail changes. The dual authorisation could be implemented for transactions above a certain limit.
11. Confirmation of payee - Many banks have now implemented a 'Confirmation of Payee' to tell you if you are paying the right person. The scheme means you can check whether the name you've been given matches the name associated with the account number and sort code you're paying, and decide not to make the payment if necessary. Check with your bank.
12. Send a payment confirmation - including confirmation of the bank account details where the payment has been made. The supplier can then promptly check to see if the payment had been received into their account.
13. Inform the victim supplier - Any suspicious correspondence should be reported to the genuine supplier and will allow them to put protective measures in place.
14. Never click on any unknown links in an email - Accounts payable should always follow their standard process for making payment to suppliers and refrain from clicking on the 'Pay Now' links sent in emails.
15. Recall the funds - If the money has been transferred to the fraudster ask the bank to attempt to recall the funds. If banks suspect criminal funds in accounts they can freeze the funds and place them into a separate holding account.
16. Always report fraud and get help - If you suspect you may have been scammed or involved in fraudulent activity, or have information about a possible fraudster, contact Action Fraud. Even if you have not suffered any financial loss, this will enable the Police to analyse trends and prevent fraudsters from exploiting other businesses.

It is important to ensure that employees receive ongoing security awareness training in identifying scams, particularly those working in accounts payable, as the consequences of falling for this type of fraud can inevitably result in redundancies and the closure of businesses.

By adopting robust internal controls and processes along with effective accounting practices businesses can go a long way towards combatting the threat of supplier invoice fraud. Businesses should look to foster a culture of fraud awareness within their workplace in order to reduce the associated risks.

The Cyber Resilience Centre can deliver your staff security awareness training through a full or half-day session either online or in-person. Sessions are interactive for attendees and build upon key learnings through examples specific to your business and the industry you work in.

Ready to prepare your staff with security awareness training? Contact us today to learn more.

Further support for Accountants

For further information regarding the help and support, we can offer your accountancy firm (including fully-funded support) you can view our dedicated support page for accountants.