Monday 11th March, 2019
According to research commissioned by Santander Business half (50%) of UK business owners and senior managers are leaving themselves vulnerable to invoice fraud by failing to take basic precautions.
The research found that only half of business owners and senior managers would check the details of an emailed invoice when asked to make an online payment, leaving them at risk from scammers posing as legitimate payees.
Among those who said they would check the details, two fifths said they would be satisfied doing this simply by calling the number on the email with the invoice – leaving them equally vulnerable to sophisticated scammers who can impersonate legitimate payees over the phone.
Just under two fifths (39%) of business owners and senior managers said they would agree to pay fees to accountants into a new bank account following an email request, without making any checks to establish whether the request was genuine.
Invoice Fraud is one of the fastest-growing scams hitting UK business. UK Finance reports that invoice scams were the third most common type of Authorised Push Payment (APP) scam. £49.3m was lost by victims as result of invoice scams in the first half of 2018.
Sue Douthwaite, Managing Director, Santander Business: “By not checking invoice details carefully before making an online payment, small businesses are leaving themselves dangerously exposed to fraud. It’s very concerning to see large numbers of businesses are putting themselves at risk unnecessarily.
“The criminals behind these attacks are getting increasingly sophisticated. I would strongly urge business owners and managers to ensure they have robust controls in place to prevent fraud and are always on their guard. Before attempting any payments, businesses should always double check the details directly with the company, and in cases of suspected fraud, contact the bank immediately.”
In an invoice scam, the victim believes they are paying an invoice to a legitimate payee, but the scammer instead convinces the victim make the payment to the scammer’s account. This type of fraud often involves email interception or compromise.