You have 0 free articles left this month.
Register for a free account to access unlimited free content.
accountants daily logo

How to spot a dodgy invoice every time


Putting in place five simple procedures to track, check, and match crucial details will leave fraudsters with fewer chances to profit.

By Gerard Mondaca 14 minute read

Invoice fraud, also known as “false billing”, happens when criminals redirect payment of your outstanding invoices to a fraudulent bank account via fake invoices, employee or supplier impersonations or invoice manipulation from an email hack.

Anyone can fall victim to invoice fraud. Australian businesses lost $277 million to payment redirect scams in 2021, according to the ACCC. However, understanding how it happens and putting security in place can minimise the risks.

Subtle opportunists


Fraudsters are opportunists — they spot vulnerabilities in accounts payable processes to defraud organisations. It works like this: a fraudster sends an invoice to your business via email. The email will typically have an invoice attached detailing the purchase order and payee details. These emails and invoices may seem genuine but there are intricate details that accountants or office administrators can miss.

For example, the email address could look like it is from a legitimate supplier, but the fraudsters have replaced an “o” with the number “0”. Or the invoice attached may have a malicious link that could infect your organisation’s network.

Within the content of the email, the fraudster will provide a new bank account number and request that all future payments are processed. Once this happens, it is already too late. The scam is often detected when the original supplier asks why they have not been paid.

Types of invoice fraud

  1. False, inflated or duplicate invoices

Inflated or duplicate invoices are a huge nuisance to accounts payable departments. Fraudsters love this tactic because it is easy and with the right timing, organisations may be paying twice or paying at an inflated price. In addition, fraudsters may collaborate with a malicious insider in the organisation to carry out other fraudulent activities.

  1. Third-party supplier or vendor impersonations

Fraudsters understand that employees are much more likely to reply to a genuine supplier instead of unknown individuals. So they impersonate a supplier by changing their email address, copying the company logo, and using the supplier’s personal information.

  1. CEO/CFO fraud

In this scheme, fraudsters impersonate executives, sending fake emails authorising urgent payments. This type of invoice fraud can be tricky and manipulative, especially to accounts payable clerks who are not properly trained and unsure what to do.

Detecting invoice scams

Always stay alert when scanning through an invoice. To ensure you do not fall victim to invoice fraud, make sure to double-check the invoice of the following:

  1. Email addresses
  2. Contact information
  3. Invoice number and purchase order
  4. Dates
  5. BSB and account number
  6. Company information and logo
  7. Goods and services
  8. Speed of payment

Put procedures in place

Once you understand how this type of fraud works it is essential to establish procedures to protect your organisation from invoice fraud.

  1. Establish call-back procedures

If you suspect fraudulent activity or notice changes on an invoice, immediately contact the supplier or vendor. By conducting a call-back you can verify that the banking details or information is correct.

  1. Set up two-factor or multi-factor authentication

By setting up two-factor or multi-factor authentication on your email, you can prevent fraudsters from hacking your email accounts. You can also avoid becoming a target by fraudsters who may want to use your email to defraud your clients. According to Microsoft, MFA can prevent 99.9 per cent of attacks.

  1. Track invoice activity

When you track each invoice and update an invoice, you will be able to notice all the changes that occur. Changes like the frequency of invoices or description of items are components you should keep an eye out for. These changes may occur and could seem suspicious. It may look legitimate. However, you should always double-check with the supplier to make sure.

  1. Employ three-way matching

This allows you to verify a supplier invoice by matching the invoice to the purchase order and receipt of goods. The primary purpose is to prevent any fake invoices or fraudulent invoices.

  1. Double check BSB and account number

Finally, it is crucial to ensure payee details such as the BSB and account number are accurate. A slight change may be enough to fool you. Fraudsters are known for requesting changes in payment details. Always verify the payee’s information before finalising payments.

The bottom line

Statistics demonstrate that invoice fraud is a serious problem. Threats can come in all forms and target a variety of individuals such as employees, executives and vendors.

With large batches of invoices coming into a business each quarter, accounts payable departments are too buried in paperwork and workflows to be worried about preventing invoice fraud.

There’s also a lack of awareness and investigation — but the bottom line is that organisations need to be aware and act against invoice fraud in order to avoid this increasing threat.

By double-checking invoices, confirming with suppliers, strengthening internal controls, and applying security software, you can significantly minimise the risk.

Gerard Mondaca is community security manager at Eftsure.



You need to be a member to post comments. Become a member for free today!
You are not authorised to post comments.

Comments will undergo moderation before they get published.

accountants daily logo Newsletter

Receive breaking news directly to your inbox each day.