Phishers Sending Fake Invoices

A concept image of a magnifying glass with a wooden handle on a textured white surface showing the word authentic but magnifying the word fake resembling counterfeitting

Employees with job functions that involve viewing or processing invoices are prime targets for scams. Cyber-criminals have recently been attempting to fool employees into paying for products that the business didn’t order and may not even exist. So far we have seen fake invoices for things like office supplies, website or domain hosting services, directory listings, and more.

How the scam works
The business receives a letter or email with what appears to be an invoice. The person in charge of processing invoices at the business isn’t aware of the scam, and they handle the bill normally, paying the scammer without further investigation. One potential wrinkle involved can cause issues even if the invoice isn’t paid: opening one of these invoices could infect the business’ system with malware.

How to spot the scam

  • Make sure that the people processing invoices or answering phone calls are aware that these scams exist. Cyber-criminals are great at mimicking logos, official seals, fonts, websites and more.
  • Develop a system for inspecting invoices, and verify that goods or services were ordered and delivered before paying.
  • Select a small group of employees to approve purchases, receive shipments, and pay the bills for consistency.
  • Verify the invoice is official. Watch this video for tips on how to verify authenticity of an invoice.
  • Utilize an email filtering service, such as the one provided as a part of ITSecurenow’s Proactive IT to prevent bogus emails from reaching your staff.

Remember, with the ever-changing landscape of online security and cyber crime it is important to stay in the loop, and take proactive measures to prevent your business from being a target.

This entry was posted in ProactiveIT and tagged , , , , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *