How false billing and duplicate invoice scams cost Australian businesses millions
Nobody likes to be ripped off, but it does happen to the best of us when our guard is down, or when we don’t know what to look out for. In today’s blog, I wanted to explain the false billing scam and duplicate invoice scams, and what preventive measures you can put in place to avoid them.
Businesses such as my close friend's interior styling business have been hurt badly by accounts payable (AP) fraud. A particular type of scam that involves intercepting emails severely affected my friend’s business. She had an existing professional relationship with a furniture company and had just procured new interior furniture for a client. The furniture was delivered, and the invoice was sent to my friend via email. Unfortunately, the email was intercepted, and scammers changed the bank details on the invoice. My friend, who pays her invoices manually, did notice that the bank details were different from what she had saved in her banking app, but unfortunately that wasn’t a red flag for her to call the furniture company and double-check the details. After the payment terms had gone overdue, the furniture company enquired about the invoice payment. As you can imagine, it was a stressful ordeal to conclude that neither supplier nor customer was trying to rip the other off, but that the money had been scammed. Unfortunately, the money had to be paid to the supplier again, and my friend's business suffered terribly from the loss of cash flow.
The ACCC is aware of this type of scam, which is called a false billing scam or payment redirection scam, and it cost Australian businesses $132 million in 2019. Consumer Protection commissioner Lanie Chopping said scammers were becoming increasingly clever and professional. "Impacts on victims can be crippling, both financially and emotionally," she said.
A change in bank details is a RED FLAG. Always perform due diligence by ringing your supplier and confirming any change of bank details. DO NOT inquire about bank detail changes by replying to the email, and DO NOT call the phone number on the email. Google the business phone number independently, or use your existing contact phone number.
According to scamwatch.gov.au, this is how a false billing scam works:
- Scammers hack into vendor and/or supplier email accounts and obtain information such as customer lists, bank details, and previous invoices.
- Your business receives an email, supposedly from a vendor, requesting a wire transfer to a new or different bank account.
- The scammers either disguise their email addresses or create a new address that looks nearly identical. The emails may be spoofed by adding, removing, or subtly changing characters in the email address, which makes it difficult to tell the scammer’s email from a legitimate address.
- The email may look to be from a genuine supplier and often copies a business’s logo and message format. It may also contain links to websites that are convincing fakes of the real company’s homepage or links to the real homepage itself.
- The scam email requests a change to usual billing arrangements and asks you to transfer money to a different account, usually by wire transfer.
- The scam may not be detected until the business is alerted by complaints from legitimate suppliers that they have not received payment.
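One way to turn the red flags in this list into a check that runs before any payment is released, shown as an added example that is not part of the original post or of any product it mentions. The vendor master layout, the function names and every supplier value are assumptions constructed for illustration.

```python
from email.utils import parseaddr

# Constructed vendor master: sender domain and bank details recorded when the
# supplier was onboarded and confirmed by phone. All values are made up.
VENDOR_MASTER = {
    "Acme Furniture": {
        "domain": "acmefurniture.example", "bsb": "062-000", "account": "12345678",
    },
}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert, delete, substitute), computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def digits(value: str) -> str:
    """Keep digits only, so '062-000' and '062000' compare as the same BSB."""
    return "".join(ch for ch in value if ch.isdigit())

def review_invoice(vendor: str, from_header: str, bsb: str, account: str) -> list[str]:
    """Return reasons to hold payment and ring the supplier on a known number."""
    record = VENDOR_MASTER[vendor]
    flags = []
    domain = parseaddr(from_header)[1].rpartition("@")[2].lower()
    if domain != record["domain"]:
        # One or two changed characters is the "nearly identical" address case.
        kind = "lookalike" if edit_distance(domain, record["domain"]) <= 2 else "unknown"
        flags.append(f"{kind} sender domain: {domain}")
    on_file = (digits(record["bsb"]), digits(record["account"]))
    if (digits(bsb), digits(account)) != on_file:
        flags.append("bank details differ from vendor master")
    return flags
```

The bank-details comparison is deliberately independent of the sender check: an email sent from a supplier's genuinely hacked account passes the domain test, and only the mismatch against the details on file catches it.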
Another scam that was unfortunately popular in the wake of COVID-19 involved companies being sent invoices for supposedly supplied goods such as hand sanitiser and other essential cleaning products. With AP staff suddenly working remotely, and with all the chaos, confusion and rush to secure in-demand cleaning products, scammers made off with hundreds of thousands of dollars.
Sound account keeping practices can help guard against falling victim to scams. Have a clearly defined process for verifying and paying accounts and invoices, and have it all accessible online in the cloud for remote workers.
The last scam I’d like to mention is less a scam than a tactic that some less scrupulous but legitimate suppliers employ. It’s the classic ‘Duplicate Invoice’ trick. How this works is that suppliers call AP staff to enquire about the payment status of their invoice. If the invoice is not yet paid, the supplier sends an additional invoice with a slightly different invoice number, such as adding an ‘A’ or ‘01’ to the end, as their own reference that an enquiry was made. Since the PO and goods match up, this can often get missed and the invoice gets paid twice. After that, it is up to AP staff to discover the mistake and seek a credit or refund from the supplier.
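A duplicate check that catches the suffix trick described above, shown as an added example that is not from the original post or from any AP product. The `Invoice` fields, function names and ledger entries are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Invoice:
    supplier: str
    number: str
    po: str
    amount_cents: int

def canonical(number: str) -> str:
    """Upper-case and drop separators so 'inv-1042' and 'INV 1042' compare equal."""
    return re.sub(r"[^A-Z0-9]", "", number.upper())

def is_variant(a: str, b: str, max_suffix: int = 3) -> bool:
    """True if the numbers are equal or one is the other plus a short suffix."""
    short, long_ = sorted((canonical(a), canonical(b)), key=len)
    return bool(short) and long_.startswith(short) and len(long_) - len(short) <= max_suffix

def find_duplicates(new: Invoice, ledger: list[Invoice]) -> list[Invoice]:
    """Ledger entries that look like the same bill as `new`.

    Supplier, PO and amount must all match; the invoice number only has to be
    a variant, because the number is the one field the re-sent invoice changes.
    """
    return [
        old for old in ledger
        if old.supplier == new.supplier
        and old.po == new.po
        and old.amount_cents == new.amount_cents
        and is_variant(old.number, new.number)
    ]

# Constructed ledger. It must hold every invoice received, paid or not,
# because the second copy typically arrives while the first is still unpaid.
LEDGER = [
    Invoice("Acme Furniture", "INV-1042", "PO-77", 485000),
    Invoice("Acme Furniture", "INV-1043", "PO-78", 120000),
]
```

Comparing by prefix rather than stripping a trailing ‘A’ or ‘01’ avoids mangling genuine numbers that happen to end that way, such as INV-1001.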
Additional resources such as Supplier Portals and AP automation solutions can help avoid paying duplicate invoices, as well as giving suppliers clear visibility of their invoice payment status. Supplier Portals can also free up the time AP employees spend answering enquiries, and suppliers can be proactive in updating their stock and supply situations.
AP automation such as APAY with its fraud detection engine can assist with the due diligence checking for you through rule-based commands, including GST register check, duplicate invoice check, company bank account details check, and other important checks to flag inconsistencies before payments are made.