An invoice fraud case study

A client received an email containing an invoice for the amount of £103k, which the client was expecting to pay. The payment wasn’t due until the following month therefore they didn’t act upon this invoice. They then received a second email following on from the original email trail with a new invoice attached advising that they were having issues with their bank account and provided new account details to pay.

The client then submitted a payment for the amount requested to pay an account held with another bank.

The client was made aware of the fraud when they were contacted by their genuine supplier who claimed that they hadn’t received the funds. The supplier confirmed that the bank details on the second invoice were not theirs.

The client's IT Team investigated to see where the email interception happened, however, the money transferred had already been moved on by the fraudsters by the time the alarm was raised.

Our approach to preventing invoice fraud

You upload invoices for recipients to our secure file sharing platform. Recipients of your invoice receive an email alert informing them that an invoice is available.

See below for snapshot from our platform. It shows an email alerting the recipient of the availability of a new file in the document exchange.

Access to an invoice is via the document exchange and not through the mailbox. Once the link in the alert email is selected by the recipient, they are directed to the document exchange to access the invoice.

This ensures that even if the email of the recipient is compromised file access is not compromised as it's through the secure document exchange the invoice is viewed and any file in the document exchange cannot be edited.

Below is a snapshot of the document exchange.