Based on a Report from the ACCC
False billing topped the list of reported frauds affecting business in 2019. False Billing is where a party sends your organisation an invoice requesting payment when none is due.
This can be done by using an invoice from an existing supplier and changing the bank and contact details. Or it can involve sending an invoice from a ‘new’ supplier.
The fraud can be further facilitated by pressure and aggressive tactics. They may state that the payment is urgent. They may threaten legal action if the invoice is not paid immediately.
These kinds of fraud are often undertaken after conducting extensive research in preparation.
For example, they may use social media to ascertain when a senior staff member is away, and then send fraudulent emails as that person requesting urgent payment of the fraudulent invoice.
Staff members may have had their email accounts hacked. This can even allow the hacker to reset passwords in key software to facilitate payments, which then happen without the company’s knowledge.
Accounts Payable staff can be particularly vulnerable to email hacks as they have access to your financial software, and they facilitate payments. The hacks can be made easier if the password for their email account is used also in social media or other web applications.
How do you prevent fraud of this kind ?
- Ensure that the bank details of every incoming invoice are compared to the Vendor Master.
- Vendor maintenance should be done by a staff member who is not also involved with accounts payable processing
- Vendor details are confirmed directly with the vendor using contact details not found on the invoice. Do not trust that you are talking to the correct organisation if you simply ring the number on the document.
- Be suspicious if a lot of pressure is being applied for an invoice to be paid urgently
- Do not trust payment instructions that may be contained in emails – always ring first.
- Never re-use a password in more than one application.
- Use pass phrases not passwords
- Changes passwords / phrases often
- Ensure all staff have been thoroughly trained in IT security