Invoice Interception Scams
Is Your Business at Risk?
SECURITY BULLETIN 10.03.03
The occurrence of business invoice interception scams is rising at a rapid rate. This involves the scammer obtaining invoices from:
- any compromised point in your email chain, or
- copying them from your online cloud accounting system, where all invoices are usually stored as publicly accessible links to a PDF.
Then the scammer edits the invoice and changes your bank account number to their one. Next, they resend the invoice using your usual email format. In the email text, they explain there has been change in your bank account number. As a result, the invoice is paid to the scammer’s offshore account. Almost always the money is not retrievable. This results in losses of running into tens and hundreds of thousands of dollars for the victim.
Despite continual warnings and reports of a few isolated cases in the media, there is still an attitude of complacence about invoice interception scams. It is not real until it happens to you, or someone you know. What gets reported to the media is just the tiny, tiny tip of the iceberg. This is only part of many wider threats, including ransomware, email scams, VoIP phone hacking, phone scams, etc. We will report on these threats in later bulletins.
Sabre IT has managed to keep our clients safe. However, the same cannot be said for companies our clients interact with. We have also heard about numerous cases from colleagues in both the IT and security industries. Victims of invoice interception scams and other cyber-crimes include individuals, as well as local, national and international businesses of all sizes. Furthermore, some involve nationwide companies that have worked hard to keep it out of the media to prevent damage to their reputation.
3 primary steps to protect your business from invoice interception scams and other cyber-threats
- Securing your Internet connection and what comes in through it, blocking risks. Standard ISP routers just won’t protect you for the reason that the security of these routers is very minimal. Therefore, they represent a threat to your business for a variety of reasons.
- Securing your email sending and receiving, blocking threats, malicious links and more importantly, preventing hackers re-sending your altered invoices, and pretending to be you.
- An Anti-Ransomware solution that immediately shuts down a Ransomware attack within seconds, and allows you to undo any illicit changes.
Contact us for a no obligation consultation to take your next step.
Share this Article:
General Security Advisory issued by the NZ National Cyber Security Centre Ongoing campaign of DoS attacks affecting New Zealand entities 31 August 2020 A General Security Advisory has been released