CIO News Hubb

Don’t fall for it! How scammers are tricking businesses with fake invoices

by admin
May 27, 2023
in Information Security


Invoice scams, in which employees receive payment requests that appear to come from legitimate sources or to cover routine services, are on the rise. Learn what to watch out for.

Picture yourself in a position where you’re in charge of approving and paying capital expenses for a big-name company worth tens of billions of dollars.  

One afternoon, you get an email from your assistant asking you to green-light an invoice totaling $400,000 for renovations to a luxury investment property. In your office, that’s a normal cost and a usual expenditure. As a matter of routine, you might move forward to pay the bill, very nearly overlooking the minor detail that your assistant’s email address is missing one letter from their name.

That’s precisely what happened to a bookkeeper for Barbara Corcoran, founder of real-estate giant Corcoran Group and host of the popular TV show Shark Tank.  

In the case of this invoice scam, the property in question didn’t exist and the renovation company was fake, but the money transferred would have been very real. It was only because the bookkeeper emailed the assistant back at their proper email address that the fraud was discovered and avoided. 

This is a micro example, a case where the bad actor targeted a very specific person for a very large amount of money. But new information in the Avast Q1/2023 Threat Report indicates that invoice scams are growing more prevalent, and they’re not exclusively targeted at celebrity executives.

Invoice scams are on the rise 

Invoice scams, also called Business Email Compromise (BEC) or Email Account Compromise (EAC), are a type of online fraud where hackers attempt to deceive businesses or individuals into paying fake bills.

These scams can take many different forms, but they most often involve bad actors sending invoices that appear to be from legitimate sources such as trusted vendors or well-known brands.  
 
Raising the stakes, the requests often employ tactics that heighten the recipients’ sense of urgency. This could come as a threat that essential services will be shut down, or the target individual or company will be reported to credit agencies for defaulting on an overdue payment. These tactics are intentionally employed to encourage the recipient to overlook safety precautions and quickly pay before they get into trouble. 
 
Most everyone has received emails masquerading as alerts sent from services like PayPal (they’re not from PayPal). We’re all already aware of such tactics and spot them easily when the return email address looks suspicious, or the content of the email seems off. 

In more modern tactics, some fraudulent invoices arrive through legitimate sources. The invoice appears more legitimate because it’s being sent from an authentic financial transfer service. The website and email may be real, but the invoice for goods or services, sent by a scammer who has obtained your name and email address, is entirely illegitimate.

Findings from the Avast Q1/2023 Threat Report 

At the macro level, invoice scams are trending up, and anyone can fall prey to the threat actors using them. This is according to Avast’s data-centric view of the latest tactics, threats, and exploits that cybercriminals use to infect systems, steal information, and defraud companies of their funds. The insights consider data at a global level, and invoice scams are everywhere.

The most recent report reveals that the incident rate of invoice and refund scams has risen by as much as 50% in only the last three months. The numbers vary by region: Japan reported the highest increase at 50%, followed by the United Kingdom at 26%, Canada at 21%, and the United States at 19%.

 

Global risk ratio for refund and invoice scams in Q4/2022-Q1/2023. 

At a global level, company leaders must inform themselves and their employees about the latest trends in criminal activity to elevate their preparedness against the most current threats to systems, data, and finances. 

Fighting invoice scams starts with awareness 

Awareness of invoice scams is crucial to protect individuals and businesses from falling victim to fraud in today’s digital landscape. By understanding the tactics employed by bad actors, individuals and employees can develop a healthy sense of skepticism and caution when dealing with any request for payment that seems even slightly out of the ordinary.  

What are the signs of a fake invoice? First: you don’t recognize the bill. It’s easy for an individual to know they didn’t order new power tools from a big-name retailer. It’s harder when an office employee receives an invoice for legal services. In that case, it’s easily stopped by checking with others in the office. Nobody ever got in trouble for confirming a bill before they sent payment. 

Elevate your skepticism when you see extreme calls for urgency. A family member you haven’t spoken to for months is not going to jail unless you send cash to a judge via courier today. Your credit rating cannot be destroyed overnight if you don’t send a payment in cryptocurrency. Your boss is not going to fire you if you call them before responding to an email to buy $2,000 worth of gift certificates. 

Double-checking the email is another effective way to avoid invoice scams (and questionable emails in general). Even if the invoice comes from a legitimate source like PayPal or QuickBooks, you can dig deeper into the paperwork and see whether the requestor’s name is misspelled or the request comes from a red-flag domain, as in michael@paypalservices1334.ru.
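The two address checks described in this article (a trusted contact's address that is off by a letter, and a brand name sitting inside an unrelated domain) can be automated in a mail-review script. This is an added example, not part of the original article; the contact list, brand table and function names are constructed assumptions.

```python
# Added example: flag sender addresses that imitate a known contact or brand.
# KNOWN_CONTACTS and BRAND_DOMAINS are constructed sample data (assumptions);
# a real deployment would load them from the address book / vendor master file.

KNOWN_CONTACTS = {"emily.carter@example-realty.test", "billing@vendor.test"}
BRAND_DOMAINS = {"paypal": "paypal.com"}  # brand keyword -> its genuine domain


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance computed with a single rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def check_sender(addr: str) -> str:
    """Classify a sender address as 'known', 'lookalike-contact',
    'brand-in-foreign-domain' or 'unknown'."""
    addr = addr.strip().lower()
    if addr in KNOWN_CONTACTS:
        return "known"
    # Near miss of a trusted address, e.g. one letter dropped from the name.
    if any(0 < edit_distance(addr, k) <= 2 for k in KNOWN_CONTACTS):
        return "lookalike-contact"
    domain = addr.rpartition("@")[2]
    # Brand keyword embedded in a domain that is not the brand's own.
    for brand, real in BRAND_DOMAINS.items():
        if brand in domain and domain != real and not domain.endswith("." + real):
            return "brand-in-foreign-domain"
    # Not a verdict of safety: an invoice relayed by a genuine payment
    # service also lands here and still needs out-of-band confirmation.
    return "unknown"


if __name__ == "__main__":
    for sample in ("emily.cartr@example-realty.test",
                   "michael@paypalservices1334.ru",
                   "service@paypal.com"):
        print(sample, "->", check_sender(sample))
```

A result of "unknown" for an address on a genuine payment-service domain is deliberate: the sender check cannot validate the invoice itself, so the payment still has to be confirmed with the supposed requestor through a separate channel.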

By fostering awareness, you can enhance resilience against invoice scams and minimize the risk of financial loss. Moreover, spreading awareness about invoice scams through educational campaigns, workshops, and information sharing among industry peers can contribute to a wider effort in combatting cyber fraud and promoting a safer online environment for everyone.



© CIO News Hubb All rights reserved.
