Understanding Invoice Fraud: Protect Your Business Today
Chapter 1: The Threat of Invoice Fraud
Invoice fraud continues to thrive and is a lucrative scheme for scammers. However, you can safeguard yourself from becoming a target.
The tactic involves fraudsters sending counterfeit invoices that appear to be from legitimate suppliers. Often, these invoices will claim that payment details have changed and instruct you to use a new method. Many times, the fraudsters are aware of existing supplier relationships, which makes their deception more convincing. This fraud is typically uncovered only when a legitimate supplier inquires about non-payment.
Should a payment be made to these scammers, recovering the funds can be nearly impossible. Therefore, it's crucial for finance teams to establish formal procedures for processing payments, particularly when there are changes to payment information.
With the advent of the Internet and affordable messaging options, fraud, especially invoice fraud, has become alarmingly scalable. For instance, if a scammer aimed to send 2 million paper invoices to businesses across the United States, the postage alone would cost over $1 million. In contrast, sending 2 million emails can be accomplished for less than $100.
I regularly encounter fraudulent invoices in my email. A recent trend involves scams regarding auto-renewals for Norton antivirus software. My Gmail spam folder shows that I've received numerous such emails recently.
A brief examination of these messages reveals numerous red flags indicating their fraudulent nature:
- Some misspell "Norton."
- None of the emails address the recipient by name or company; instead, they use generic terms like "DEAR member," "dear honest PURCHASER," or "DEAR special consumer."
- They are sent from a Google Gmail account.
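The three red flags above can be checked mechanically when triaging reported mail. The following Python sketch is an added example, not code from the original article; the function names, the look-alike digit map, the extra greeting noun "customer" and the sample message are assumptions constructed for illustration.

```python
import re
import unicodedata
from email import message_from_string, policy
from email.utils import parseaddr

BRAND = "norton"  # brand impersonated in the article's samples
FREEMAIL = {"gmail.com", "googlemail.com"}
# Nouns from the article's greetings; "customer" is an added assumption.
GENERIC = re.compile(r"^\s*dear\s+(?:\w+\s+)?(?:member|purchaser|consumer|customer)\b", re.I | re.M)
LOOKALIKE = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def edit_distance(a, b):
    prev = list(range(len(b) + 1))  # Levenshtein, one row at a time
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def brand_misspellings(text):
    """Tokens not spelled as BRAND that fold to within one edit of it (names like Morton also hit)."""
    hits = []
    for tok in re.findall(r"\w+", text):
        folded = unicodedata.normalize("NFKD", tok).encode("ascii", "ignore").decode().lower()
        if tok.lower() != BRAND and edit_distance(folded.translate(LOOKALIKE), BRAND) <= 1:
            hits.append(tok)
    return hits

def red_flags(raw_email):
    msg = message_from_string(raw_email, policy=policy.default)
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part else ""
    sender_domain = parseaddr(str(msg["From"] or ""))[1].rpartition("@")[2].lower()
    flags = []
    if brand_misspellings(f"{msg['Subject'] or ''} {body}"):
        flags.append("brand_misspelled")
    if GENERIC.search(body):
        flags.append("generic_greeting")
    if sender_domain in FREEMAIL:
        flags.append("freemail_sender")
    return flags

# Constructed sample modelled on the messages described above; not a real email.
SAMPLE = """From: Billing Dept <billing.desk.4471@gmail.com>
Subject: Your Nortan auto-renewal invoice

DEAR special consumer, your N0rton subscription renewed for $289.99.
"""
```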
The invoices in these emails typically range from $200 to $300. Initially, the scam may not seem significant, and even if a victim does fall for it, the financial loss may not appear substantial. However, an attempt to cancel the auto-renewal often ends with you being directed to a cancellation page, as heard in this call with a scammer.
After filling out the form, the scammer instructs you to install AnyDesk remote desktop software. While AnyDesk serves legitimate purposes, in this context, it gives the scammer full access to your computer. They falsely claim that it is necessary to generate a cancellation code.
Moreover, they may request you to alter two critical security settings in AnyDesk:
- Disable notifications for incoming sessions, allowing them to connect to your computer without your awareness.
- Enable AnyDesk Privacy Mode, which sounds like it enhances privacy but actually obscures your screen, enabling them to operate without your knowledge.
Once AnyDesk is installed, the scammer will ask you to log into your bank account to process a refund. They aim to access your bank details and transfer funds out, specifically requesting that Privacy Mode be activated to hide their actions.
When I mention that I can access my bank account from my tablet, the scammer insists it must be from a desktop. His responses are absurd, yet scammers frequently resort to deceit, as you can hear in this call.
The scammer grows increasingly frustrated when I refuse to log into my Chase account from the desktop, realizing that the scam will fail if I don't comply.
This scam exhibits three significant warning signs: a suspicious email, an illegitimate cancellation form, and the demand to install software. No credible company would require such steps to cancel an unauthorized transaction.
So, why do individuals fall victim to these scams?
- Trust and authority: Many people accept claims without verification, often yielding to perceived authority when asked to pay an invoice.
- Multitasking: Juggling multiple tasks can lead to overlooking scam indicators.
- Being caught off guard: When calling to cancel an auto-renewal, individuals may be unprepared for requests to install software and access their bank accounts, leading them to comply.
- Lies: As heard in the scam call, the scammers deliver continuous falsehoods. For example, non-technical users may not realize that the AnyDesk code is not a cancellation code but rather a means for the scammers to gain access to their computer. Furthermore, there is no legitimate reason to log into a bank account for cancellation, but many will follow instructions blindly.
Can we put an end to invoice fraud?
Absolutely, by applying common sense. However, as Robert Smith of the Financial Times noted in "We all need to stay alert to the ancient art of invoice fraud," if history is any indication, banks will continue to be deceived for years. This highlights a timeless truth in the realm of finance: fraud is an ever-present threat.
If large banks can be deceived, smaller businesses are equally vulnerable. While invoice fraud is a persistent issue, it doesn’t mean you have to fall victim.
Chapter 2: Recognizing and Preventing Scams
In this video, Ben Rothke discusses how to avoid becoming a victim of scams, sharing insights that can help individuals and businesses stay safe.
This video covers the increasing use of fake invoices by scammers and offers practical tips for recognizing and preventing these deceptive tactics.