Earlier this year fake legal correspondence cost an Australian home buying couple $800,000. The couple were working with their solicitor on the final steps of their property purchase. They received an email from their solicitor containing bank details for the final transfer. They attended to the payment of an $800,000 amount in response to this email thinking it would secure their property purchase. However, the email was fake and the bank details belonged to the scammers.

It is believed that Australian businesses are being exposed to fake invoice / payment re-direction scams on a regular basis. Australian Competition and Consumer Commission (ACCC) statistics reveal that Australians have lost over $2 billion per year to scams over the last few years. Less than 5% of money lost to scams is ever recovered.

Is your business susceptible to scams?

How do these fake invoice / payment re-direction scams work?

• A supplier sends an invoice or some other correspondence to a customer.
• The document is intercepted by a scammer that substitutes their bank details before it reaches the customer.
• The customer pays using the incorrect bank details.

What are the implications if your business gets caught up in such a scam?

Regardless of whether you paid a fake invoice or whether your system was hacked and your customer paid a fake invoice – your business will lose.

If you paid a fake invoice – your supplier is likely to ask for the invoice to be paid “again” as they didn’t get the funds.

If you are the supplier – you are out of pocket and likely to expect your customer to pay “again”.

Either party might hold the other responsible or perhaps they consider their financial institution is responsible.

So who pays? This is an interesting quandary that was considered recently in an Accountants Daily article. It is complex matter and will often depend on the specific circumstances of the case. See article Who pays when scammers redirect an invoice for further details.

How to prevent failing prey to such a scam.

The most important thing your business can do is take steps to avoid getting caught up in such a scam.

1. Be alert for warning signs of fake invoices

Often the fake invoices can be spotted if you are mindful of things like:

• Unfamiliar vendors
• Spelling or grammatical errors
• Poorly laid out invoices or inconsistent logos.
• High pressure demands for quickly payments including late payment penalties or unusually high early payment discounts.

2. Establish call back procedures

Be careful if a business you regularly deal with has changed bank details. Whether it is an existing supplier that has changed bank details or a new supplier you are sending a substantial amount to we suggest you call the business you are dealing with to ensure the bank details are correct. When calling to check bank details – make sure you use independently sourced contact details – don’t rely on the suspected “fake” correspondence

3. Establish an invoice matching system

Checking invoices received against purchase orders or your goods received records may help identify any fake invoices.

4. Set up two factor or multiple factor authentication on your emails

Having strong email security will prevent scammers from hacking your email accounts. This will help prevent your email being used to defraud your clients.

5. Educate staff

Staff are often your first line of defense. Ensure they have awareness regarding such scams and understand the systems and processes that aid in prevention.

6. Consider e-invoicing

Bookkeeping software that incorporates e-invoicing could be a powerful tool to assist in preventing such scams. Programs like Xero have capacity to adopt e-invoicing so consider implementation of this for your business. E-invoicing allows the exchange of invoices directly between suppliers and customers via their bookkeeping software. This means emails are not used and therefore there is less chance of scammers intercepting correspondence. See this ATO information regarding e-invoicing and how it could benefit your business.

If you would like further information in relation to the above or if you feel your business needs to step up its game in order to proactively manage it’s scam risk, contact your business advisor today on 07 4688 8400.