In case you haven’t heard about it, there is a fake invoice scam that has been circulating targeting business owners. These scams may be an attempt to fool you or your employees to pay for products or services you haven’t really availed or may not even exist at all. It’s similar to smishing, but the fake invoice scam is usually sent via email.
Other times, these scams require you to download and install a file that contains malware. This malware is created to steal your private information, usually related to banking.
How does the fake invoice scam work?
There are different versions of this scam but, by and large, you’re sent a legit-looking invoice that has a subject looking like this:
Sometimes, it may be labeled “past due” or “due immediately” to make you even more uneasy thus luring you to click on the link or attachment in the email. At times, it is written in a different language to arouse your curiosity and click on the links.
The emails may look like this:
It may work in three ways:
- You or your staff opens the email containing the fake invoice scam then the summary of the “payment due” shows up without the need to download anything then you pay the amount. Other times, you may also receive phone calls asking you to pay for the said cost.
- You or your staff downloads the email attachment, which is often a document or a spreadsheet, then you enable “macro” to open the file. According to Telegraph, this “macro” is actually instructions for a computer that installs malware, which then steals our financial information particularly the online banking details.
- You or your staff downloads the attachment. It then installs in your PC, steals your information, then threatens to publish it or blocks you from accessing a certain site unless you pay a ransom. This is called ransomware.
How to avoid invoice scams
- Increase awareness in your team. If you have employees, let them know about the fake invoice scam modus operandi. Warn them that these messages may look official because scammers can replicate logos, signatures, taglines, and many more to make the emails appear legitimate.
- Have an invoice-checking system. It all depends on how you handle it, but you should have a counterchecking system in your organization. This can be calling the supplier to authenticate the invoice. Also, tell your team not to enable macros when opening suspicious documents.
- Secure your system. Have an antivirus installed, enable a firewall, and make sure these security systems are always up to date. If possible, have a computer dedicated to making payments only. Opening emails and other transactions should be made on a different machine.
- Use secure software only. If you’re using the latest technology in running your business such as using online accounting software instead of traditional ledgers, make sure your software is secure and all your data are backed up. So when some of your information is compromised, you still have another copy.
And don’t forget to share this article (or this image) and let others know!
Oojeema is the country’s first online accounting software designed specifically for Philippine businesses.