Half (50%) of UK business owners and senior managers are leaving themselves vulnerable to invoice fraud by failing to take basic precautions, according to research commissioned by Santander Business.
The research found that only half of business owners and senior managers would check the details of an emailed invoice when asked to make an online payment, leaving them at risk from scammers posing as legitimate payees.
Among those who said they would check the details, two fifths said they would be satisfied doing this simply by calling the number on the email with the invoice – leaving them equally vulnerable to sophisticated scammers who can impersonate legitimate payees over the phone.
Just under two fifths (39%) of business owners and senior managers said they would agree to pay fees to accountants into a new bank account following an email request, without making any checks to establish whether the request was genuine.
Sue Douthwaite, managing director, Santander Business: “By not checking invoice details carefully before making an online payment, small businesses are leaving themselves dangerously exposed to fraud. It’s very concerning to see large numbers of businesses are putting themselves at risk unnecessarily.
“The criminals behind these attacks are getting increasingly sophisticated. I would strongly urge business owners and managers to ensure they have robust controls in place to prevent fraud and are always on their guard. Before attempting any payments, businesses should always double check the details directly with the company, and in cases of suspected fraud, contact the bank immediately.”
Invoice fraud is one of the fastest-growing scams hitting UK business. In its most recent Fraud Update, UK Finance reports that invoice scams were the third most common type of Authorised Push Payment (APP) scam. £49.3m was lost by victims as result of invoice scams in the first half of 2018, the majority from non-personal or business accounts.
In an invoice scam, the victim believes they are paying an invoice to a legitimate payee, but the scammer instead convinces the victim make the payment to the scammer’s account. This type of fraud often involves email interception or compromise.
Top five tips to prevent invoice scams:
Be vigilant – check carefully when a supplier asks you to change their bank account details, name, address or the invoice.
Confirm all supplier payments with brand new or changed financial details using contact details already held on file or on a publicly available number.
Check bank statements carefully. Report any suspicious transactions to the bank immediately.
Ensure your business has robust internal processes in place to protect you from fraud and scams, including those around changes of payee.
Think carefully about publicly available information on your business which could be used by a fraudster and put you at risk of fraud. This could be on your website or in your office/business location. Remove anything unnecessary.