The risk of invoice fraud has always been a challenge for companies to tackle, but now with the implementation of decentralised working in the wake of the Covid-19 pandemic, this risk is dangerously on the rise. If it wasn’t enough to have the Covid-19 pandemic devastate the global economy, we now have cybercriminals creating further chaos and taking advantage in this time of crisis, as they wreak havoc on businesses, society, and entire infrastructures. During 2020, many countries have already reported a dramatic 200% increase in invoice fraud cases compared to the same period in 2019. With most employees, especially in Finance Departments, working remotely, the invoice fraud threat for companies has been widened, as per this typical real-life case.
It’s a late Friday afternoon and all employees are looking forward to a long holiday weekend spent with their families. The Accounts Payable (AP) Executive receives an invoice marked “Urgent”, “Overdue”, and “Pay Now to Avoid Service Cancellation.” The invoice is supposedly from a supplier on their Preferred Supplier List (PSL) and with a cursory glance over the sender’s email address, invoice letterhead, and bank account details, the invoice looks genuine. In a rush to leave the office and with the company now implementing decentralised working and new ad-hoc business processes, the AP Executive transfers a payment of USD78,000 to the supplier that they believe is genuine. 3 weeks later at a monthly Management of Accounts (MOA) meeting, the invoice is revealed to be fraudulent.
In this real-life case, the financial damage was actually only small compared to the millions that are lost by corporate victims around the world every year, with 81% of all invoice fraud attempts made against companies, according to the AFP Payments Fraud & Control Survey. The ongoing Covid-19 pandemic which has ravaged the corporate world, has provided further opportunities for invoice fraudsters who are capitalising on a combination of employees working from home, quickly implemented changes in business processes to accommodate this remote working, and compromised internal controls and best practices as the focus switches to daily fire-fighting and business continuity plans (BCP).
Invoice fraudsters are clever and constantly refining their strategies to be more effective. For example, many trade federations have reported large numbers of fake invoices sent to companies from purported healthcare and hygiene suppliers pretending to provide antibacterial hand gels, sanitary wipes, disinfectants, and other cleaning related products and services. Of course, due to the anxiety caused by the Covid-19 pandemic, it is easy to assume that someone in the company has ordered these products or services, and for good reason. The payment is therefore processed, but the products or services never arrive and the company’s much needed and hard-earned cash has now disappeared.
Invoice fraudsters know that their invoices are often paid by people and businesses without a second thought, with small to medium enterprises (SME’s) in the UK alone losing an estimated 9 billion pounds to invoice fraud. Companies need to educate themselves and their employees, especially Finance Department and AP staff to make them aware of possible invoicing scams during the Covid-19 pandemic and emphasize that speed is not an issue where fraudulent invoices are concerned. Less communication between colleagues can lead to less control over purchases and deliveries when you are not physically at the office.