by peter


Business Invoice Fraud Explained


Risk Rating:
Likelihood: /5
Impact: /5


  • Inadequate user training
  • Poor phishing protection
  • Badly configured email servers
  • Lack of invoice validation

Business Invoice Fraud Overview

Even the largest technology firms in the world aren’t immune to invoice fraud. According to an investigation by Fortune Magazine, both Facebook and Google unwittingly fell victim to a massive business invoice fraud scheme back in 2013. The fraudster, a Lithuanian man known as Evaldas Rimasauskas, created invoices impersonating a large Asian-based manufacturer that frequently did business with the two companies to trick them into paying for bogus computer supplies. Over two years, the fraudster duped the two tech giants into shelling out tens of millions of dollars. By the time the firms figured out what was going on, Rimasauskas had absconded with more than $100 million.

But Business Invoice Fraud is not just a problem for big business. Small businesses and charities are regularly targeted with invoice fraud because they are significantly more likely to fall for it. In the first quarter of 2022 alone, Hedgehog responded to 2 of these frauds a week.

What you need to know about Business Invoice Fraud

Business invoice fraud attempts to trick you into paying out on a fraudulent (but convincing) bill addressed to your organization. In reality, the funds you pay will go to imposters mimicking your suppliers. These hackers are often willing to bill you an amount that appears reasonable so as not to draw suspicion — like £1,000. But executing these scams hundreds or thousands of times quickly adds up.

The simplest way to prevent these scams from being effective is user awareness training, regular policy communication and good IT configurations. A very good way to spot these attacks is to only ever process an invoice after a verbal communication with the person sending the request. When you make that contact, only ever use the contact details you already have, not the contact details they supplied.
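The validation step described above can be sketched as a check against your own supplier records. This is an added example, not code from the original article; the record fields, the decision labels and the sample supplier are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Vendor:   # what your own vendor master file holds
    name: str
    phone: str
    email_domain: str
    iban: str

@dataclass(frozen=True)
class Invoice:  # what the received invoice claims
    vendor_name: str
    sender_email: str
    contact_phone: str
    iban: str
    amount: float

def norm(value: str) -> str:
    """Ignore spacing, punctuation and case when comparing identifiers."""
    return "".join(ch for ch in value if ch.isalnum()).lower()

def review_invoice(inv: Invoice, master: dict) -> dict:
    vendor = master.get(norm(inv.vendor_name))
    if vendor is None:
        return {"decision": "hold", "reasons": ["supplier not on record"], "callback": None}
    reasons = []
    if norm(inv.iban) != norm(vendor.iban):
        reasons.append("bank details differ from record")
    if inv.sender_email.rsplit("@", 1)[-1].lower() != vendor.email_domain.lower():
        reasons.append("sender domain differs from record")
    if norm(inv.contact_phone) != norm(vendor.phone):
        reasons.append("contact phone differs from record")
    # The callback number is always the one on file, never the one on the invoice.
    decision = "hold" if reasons else "pay_after_callback"
    return {"decision": decision, "reasons": reasons, "callback": vendor.phone}

# Constructed sample data (not real suppliers, phone numbers or accounts).
ACME = Vendor("Acme Supplies Ltd", "+44 20 7946 0100", "acme-supplies.example",
              "GB00 TEST 0000 0012 3456 78")
MASTER = {norm(ACME.name): ACME}
GENUINE = Invoice("Acme Supplies Ltd", "billing@acme-supplies.example",
                  "+44 20-7946-0100", "GB00TEST00000012345678", 1000.00)
FAKE = Invoice("ACME Supplies Ltd.", "accounts@acme-suppliers.example",
               "+44 20 7946 0199", "GB00 TEST 0000 0098 7654 32", 1000.00)

if __name__ == "__main__":
    for inv in (GENUINE, FAKE):
        print(review_invoice(inv, MASTER))
```

Even an invoice that matches every field is only released after the callback, and the number returned is always the one held on file.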

How business invoice fraud happens

In a Business Invoice Fraud attack, you’ll be sent fake invoices attempting to steal your money in the hopes that you’re not paying attention to your accounts payable processes. Hackers will target you based on the size of your business, location and the suppliers you use and create phony invoices that appear legitimate. With the hopes that your accounts payable department is backlogged, they send false invoices with high demands like “90 days past due, pay now!”

Attack Sources

While there are numerous individual scammers pulling off business invoice fraud, many are sourced to fraud rings that have the organization and the resources to research your banking institution and create a billing experience that feels real. Fraud rings conducting these scams can be found all over the world. Invoice fraud costs UK businesses £93 million ($122.8 million USD) with 3,280 invoice and mandate scam cases last year, according to a recent report.