As a small business, you want to make sure you’re doing the right thing by others, and that means making sure you pay your supplier invoices. Coming up to the end of the financial year (EOFY), this can mean more invoices than usual. But not all invoices are what they seem.
Ever opened an email and got a feeling that something was slightly off? Or perhaps received an email from your manager that used unusual language? These could be signs of a sneaky scam called Business Email Compromise (BEC), or a fake invoice scam.
What is Business Email Compromise?
Imagine you’re a small business owner, swamped with invoices from suppliers. One day, an email pops up – it looks legit, with your supplier’s logo and everything. You approve the invoice and send off the payment, business as usual.
But here’s the twist: that invoice was a fake, sent by a cyber criminal pretending to be your supplier. This is BEC, or a fake invoice scam, and you’ve just been tricked into sending money to the wrong hands.
How do fake invoice scams work?
In a fake invoice scam, hackers use clever tactics to impersonate someone you trust, such as a supplier or even a colleague or manager. They might use a slightly altered email address or even hack a legitimate account to make their scam even more believable. Their goal? To steal your money or trick you into giving up sensitive information.
Usually, scammers get access to a business’s email account and use it to send fake invoices or edit legitimate ones. By inserting their own bank details, they trick businesses into paying money directly to them. Some of these fakes are so convincing that they can be difficult to spot before it’s too late.
The scary part? It’s not just you who can be targeted. Hackers can also hijack your company email and use it to send out fake invoices to your own customers. This can damage your reputation and cause a major headache.
How to avoid a fake invoice scam?
So, how can you sniff out a fake invoice scam before it’s too late? Here are a few tips:
- Double-check email addresses: Always scrutinise email addresses carefully. A tiny typo or a different domain name can be a red flag.
- Beware of urgency: Hackers often try to pressure you into acting quickly. If an email demands immediate payment or uses phrases like ‘critical’ or ‘urgent’, take a step back and verify the information directly with your supplier. And make sure you use a phone number you know is correct, not one provided in the email.
- Verify invoice details: Look out for any inconsistencies in the invoice itself. Does the amount seem unusual? Were you expecting the invoice in the first place? Are there any typos or changes in payment instructions?
- Pick up the phone: Don't rely solely on email communication, especially for significant transactions. Call your supplier or colleague directly to confirm any changes in payment details, and that the invoice is in fact from them.
- Educate your team: Make sure everyone in your company is aware of BEC scams and knows how to spot them.
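The email-address, urgency and payment-detail checks in the tips above can be partly automated in an accounts inbox. The following is an added example, not part of the original article: the supplier register, the `.example` domains, the bank details and the function names are all constructed for illustration.

```python
import re

# Constructed supplier register: trusted sender domain -> bank details on file.
SUPPLIERS = {
    "acme-supplies.example": {"bsb": "000-000", "account": "12345678"},
}
# Pressure words of the kind the tips warn about (illustrative list).
URGENT = re.compile(r"\b(urgent|critical|immediately|asap)\b", re.I)


def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def review_invoice(sender, body, bsb, account):
    """Return the red flags raised by one invoice email (empty list = none)."""
    flags = []
    domain = sender.rsplit("@", 1)[-1].strip().lower()
    record = SUPPLIERS.get(domain)
    if record is None:
        # Not a known supplier: is it a near-miss of one (tiny typo, swapped letter)?
        near = [d for d in SUPPLIERS if edit_distance(domain, d) <= 2]
        flags.append(f"lookalike of {near[0]}" if near else "unknown sender domain")
    elif (bsb, account) != (record["bsb"], record["account"]):
        # Genuine domain but new bank details: the hacked-account case.
        flags.append("bank details differ from those on file")
    if URGENT.search(body):
        flags.append("urgent language")
    return flags


if __name__ == "__main__":
    # Constructed sample: capital "I" in place of lowercase "l" in the domain.
    print(review_invoice("accounts@acme-suppIies.example",
                         "URGENT: pay today", "000-000", "12345678"))
```

Any flag is a prompt to phone the supplier on a number you already hold, not a verdict on the invoice.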
By staying vigilant and implementing these simple steps, you can protect your business from a fake invoice scam and keep your hard-earned money flowing in the right direction. Cyber Wardens training can also help you build small business skills across these cyber security fundamentals.
Remember, a little caution can save you a big headache.