Get the latest insights
delivered straight to your inbox
Sep 21, 2023
Brenda R. Smyth, Supervisor of Content Creation
Invoice fraud is nothing new. But fraudsters are clever and internal controls are critical to keep accounts payable a step ahead of criminals.
The high volume of invoices an organization receives can make scrutinizing the legitimacy of every bill seem impractical. When a trusted vendor unexpectedly emails to give you new routing information for their bank, would you check? When the CEO emails with instructions to wire money for a project you know is just getting off the ground, do you methodically comply? How much grace do you give when bills are unpaid past 30 days?
Even though accounting and banking are highly regulated industries, scores of organizations – big and small – have been duped in the past by unknown cybercriminals as well as trusted colleagues with the latest and greatest trickery. It’s estimated that middle market businesses lose almost $300,000 annually through accounts payable fraud such as these:
Phishing emails. In 2014, Scoular Co, a U.S. grain training and handling firm, was swindled out of more than $17 million through an international email scheme. Hackers accessed the CEO’s email address and gave the controller instructions to pay a company in China (where they were expanding). Everything looked legit – even suggestions for verifying the request – and the money was wired.
Fake company billing schemes. In 2002, a CPA for Kia Motors America embezzled almost a million dollars from her employer. She set up a fictitious business with a name to resemble the U.S. Customs Service along with a bank account, and proceeded to send invoices and receive payments from her employer until being caught in 2006.
Local news stations regularly warn consumers about the latest scams, recommending vigilance. But there’s less chatter about the scammers attempting to trick businesses every day with payment cons. The best way to protect your organization is through dual authentication, advises SkillPath controller, Diana Edgecomb. Edgecomb is a licensed CPA, has a Master of Science in Accounting and has worked as a corporate controller since 2014. She suggests “trust but verify” as standard operating procedure.
Here are some basic suggestions:
Invoice fraud offers a big bang for the buck to cybercriminals. These crooks are counting on an organization’s high invoice volume to hide their attacks. They know you’re busy and they want to trick you into thinking you’re getting an email or invoice from someone you know and wiring money to an authorized bank account. As always, vigilance is more important than ever.
Brenda R. Smyth
Supervisor of Content Creation
Brenda Smyth is supervisor of content creation at SkillPath. Drawing from 20-plus years of business and management experience, her writings have appeared on Forbes.com, Entrepreneur.com and Training Industry Magazine.
Latest Articles
Article Topics