Invoice scams targeting SMEs - how to stay safe
Scammers today are not the same as 5 or 10 years ago. It’s so important to stay vigilant and learn the latest techniques they use, as it’s not always obvious even to the most tech-savvy people.
One of the fastest-rising threats to UK businesses is the invoice scam. These scams can take a variety of forms, and can often be hard to spot. Just look at these stats:
- 91% of cyber attacks start with a phishing email.
- 1 in 7 SMEs have been a victim of an invoice scam in 2019.
- 1 in 4 employees said they would double-check an invoice before paying it.
It’s vital to train staff properly and highlight the importance of double-checking or confidently asking questions, because it’s particularly difficult to claim back money you’ve paid to a scammer. Banks tend to look at it as negligence on your side, although they will look at each case. Remember, an invoice can look real and come from a trusted email address or supplier, yet carry false bank details. This is often hard to flag up, but one of the few ways to do so is to phone the supplier yourself on a trusted number.
We’re all busy, not least dealing with our portion of the predicted 306 billion emails that’ll be sent this year, and by spreading their net wide, scammers need only a tiny percentage of recipients to respond to earn a lot of money. So, one of the best ways to reduce scams is to be vigilant and not fall prey to them.
Things every business should do to avoid falling victim to invoice scams:
- Double-check every invoice. Always call the number you have on file for a business, not one that is on the invoice, and check the bank details are correct. Never assume that an incoming email, text or call is genuine. Scammers can get access to a phone number or email address, so sending a message to check just won’t cut it.
- Take your time, and ask questions. You and all employees should feel confident asking questions if someone phones up chasing an invoice. Make sure they don’t feel under pressure to make a payment – it is better to delay the payment by an hour while you get the invoice checked than to lose money to a scammer. 13% of businesses said the person who fell victim to a scammer left the company due to the experience, so for your own mental health it’s better to be sure.
- Educate yourself and your staff. One in 10 SMEs said they wouldn’t know how to spot a fake invoice, and with only a quarter of employees checking that an invoice is legitimate, it’s no wonder scammers are using this method.
- Ask a colleague. Getting a second opinion on an invoice as part of the standard payment process can help you spot fake ones, especially if the person checking is the person who made the order and knows the supplier. It will also help ease your conscience if you do fall victim, as it’s not just you who fell for it.
Report any phishing emails to the company they claim to come from. Large companies like PayPal have a dedicated email address for you to forward suspicious emails to, to help them identify the criminals responsible and better protect their customers.
If you do lose money to a scammer, or think you’ve been targeted, report it to Action Fraud. It’s the UK’s national fraud and cybercrime reporting centre and works on identifying and stopping scammers. If you see a Google Advert that is suspicious, you can also report it directly to Google.
Aside from invoice scams specifically, there are general ways to keep yourself and your business safe:
- Never click a link in a suspicious email. Type it into Google if you want to check it. If you click on it or respond directly, you might inadvertently give them a whole array of data to use to track you down. They know your email is valid, and they can probably see your email signature, with your name and contact details. They can now look you up online, and the rest is history.
- Never open attachments on any email you are even slightly suspicious of. A virus could well be unleashed onto your operating system, and spread through your address book. Common phishing emails include ‘here is an overdue invoice’, which can encourage businesses to open the attached ‘invoice’.
- Use a VPN to secure your internet connection. Your data is encrypted and so is kept secure and safely away from hackers’ eyes.
- Use multi-factor authentication. If you require a new contact to give you at least two pieces of evidence to verify their identity, such as a physical address and landline telephone number, and you then check them, you should be able to weed out a scammer.
- Be alert. If you’re not expecting an email from a company you trust, or the grammar or presentation of the email is bad, or you are just not sure, don’t act directly from the email. Google the company or phone number, and you’ll often see reports of scams. Contact the company directly and ask if the email originated from them. Just be aware that not everything might be as it seems.
It’s easy to understand why some recipients act first and think later – with potentially catastrophic results. But if we all stay alert, we can prosper as the web continues to evolve. To learn more about keeping your business safe, why not attend the Northern Business Expo? It's the biggest business event in the North of England, offering key skills workshops, advice directly from Google, suppliers, keynotes, networking and more. Just get your free ticket online now, and come along to Manchester Central on 17th & 18th March.