Invoice fraud: Everything you need to know

by Egress
Published on 30th Mar 2022

Our 2022 report: Fighting Phishing: The IT Leader's View found that 44% of organizations have been tricked into making fraudulent payments during the past 12 months.

Invoice fraud is an attack used by cybercriminals where they'll impersonate a trusted colleague, vendor, or supplier to extract payment information or request a transfer of money. There are a few approaches to this method that criminals use, including sending a notification that supplier payment details have changed, sending a fake invoice to receive payment, or sending instructions to have money wired somewhere else. 

So what's making these types of attacks so successful?  

Invoice fraud criminal tactics

Deployment of this attack can unfold in a multitude of circumstances which makes it difficult to defend against. Cybercriminals use various forms of social engineering to convince the victim to either send money somewhere or provide the banking information to have money stolen. Regardless of the invoice fraud objective, it will likely be carried out through email by either spoofing the sender’s address or using stolen login credentials.

Email spoofing 

In email spoofing, the scammer tricks a recipient into believing the message is from a trusted vendor or work colleague (such as an executive). By forging the email header to display as if it’s being sent from the person's actual address, the recipient would assume the message is indeed from that person — fulfilling the fraudulent scam.   

Similarly, a less sophisticated scammer could also create an email address very similar to the domain they're impersonating. For example, they could send the email as when the company and that person really use the domain — just off by one character. 

Account takeover

The other option is to take over a legitimate email account with an organization or one of a trusted supplier. A scammer could easily do this by sending a phishing email that impersonates the email provider, stating they need to re-enter their credentials or complete another request. Upon clicking the link, the victim is taken to a spoofed web page to enter their username and password. The cybercriminal can now send fraudulent invoices from a trusted email account and will be able to evade traditional email security.   

Alternatively, keystroke logging can capture data on what keystrokes are being typed. Although more difficult from the criminals' point-of-view, they would be able to use software to decipher a user's email account credentials and start the fraud process.     

Someone within a finance team is far more likely to process an invoice coming from an email address they know and trust. If a senior executive’s email account has been compromised, junior employees are more likely to be pressured into breaking process and authorizing fraudulent payments. 

What to watch out for

It takes a solid level of intuition and awareness to prevent yourself from falling victim to invoice fraud. Here are several details to remember and watch out for as scammers continue to use this attack to defraud all types of organizations:

  • Check the sender's email address for spoofing either by forged displays or slightly variant domains 
  • Evaluate the message's request to see if "normal" and within the standard procedures for the request — when in doubt, call the work colleague or vendor to confirm the request 
  • Continuously check your email account activity to see if there have been logins on other devices or IP addresses    
  • Keep an eye out for phishing emails, mainly targeted at high-level executives, attorneys, and personnel in the financial department 
  • Watch for potential scams from email providers about "changing your credentials," as they could be phishing for your username and password 

In addition to watching out for these attributes of a potential invoice fraud attempt, be sure to provide adequate awareness training to employees and deploy intelligent email-security tools that can defend against human error.    

Intelligent email tools neutralize phishing attacks  

Intelligent email security products like Egress Defend help stop invoice fraud in its tracks by focusing on helping the assets that will be targeted the most— your people. Most of these incidents stem from phishing scams that steal the victim's credentials or impersonate someone to acquire financial information — both of which are achieved at the human level. 

An intelligent email security solution allows you to detect and notify your users of potentially threatening emails in real time. Additionally, natural language processing (NLP) gives your system the ability to understand message intent, which combines nicely with the machine learning (ML) capabilities to understand sender and recipient relationships better.