... how do you protect yourself from these ?
COVID times have brought Fake Invoice Scams into focus like never before
These times of pandemic are supposed to bring out the best in humanity. But then, COVID-19 has also brought about a significant increase in cybercrimes, as scamsters take advantage of the panic and the gullibility of people. One such area which has come into focus is fake invoices. With the majority of the businesses adopting digital invoicing and payments, “invoice phishing” is the new “hot opportunity” area of cybercrime and maybe creating widespread headaches.
Invoice phishing is not a new phenomenon. In the past, however, such incidents were limited to perhaps a lesser number of cases and mainly of large companies who were sending electronic invoices over email and other means. The COVID-19 has changed all that as more companies such as SMEs and other enterprises have started sending electronic invoices.
One of our new customers approached us to secure their invoices because they had a major incident. When this customer started sending invoices by email due to COVID-19, one of their clients claimed to receive a phishing invoice “from them”, but with a different bank account information. So the payment from this customer went to some scamster’s bank account.
This tells us how COVID-19 has translated into a great opportunity for scamsters, who now hack into the customers emails or databases or other such sources and send “authentic-looking” but in reality - fake invoices to unsuspecting customers. Since this is a new way of sending invoices, these customers end up invariably paying up for those fake invoices and it is a pain for all concerned except the perpetrators of this scam. This appears to be more common than believed and more customers are falling prey to such tricks.
There are many such incidents on the internet just in the last few weeks - Here is the case of Zoopla invoices being sent through a phishing email - Fake Zoopla invoice payment phishing email circulating, agents are warned
At an individual level, Netflix customers were targeted with a phishing email - Netflix email phishing scam targets UK subscribers - don’t be duped. In the past - many Apple users received fake iTunes bills for purchases they didn’t make. Phishers duplicated an authentic Apple email and also placed the company’s logo on the invoice, making it difficult to determine whether it was legitimate or fake.
One of the key things that these fraudsters usually take advantage of is the psychology of creating a time pressure, or by generating a sense of urgency apart from using familiar logos and names of service providers and suppliers. This in effect, makes the unsuspecting receiver part with the money without doing adequate due diligence.
A quick way is to solve this is to have the invoice generation well integrated with a secure and encrypted QR code system, that allows the invoice details (including bank account information) to be captured securely at the time of generation. Then these can be distributed as before (via e mail or otherwise) and the receiver would just need to scan the invoices using a dedicated app or via a verified web validation domain which belongs to the issuer of the invoices. This would help to spot the fake or tampered invoices immediately.
In the case of the above customer who approached us - we helped them integrate Qryptal’s secure QR code generation system with their ERP system (of invoice generation) in a matter of days and they are now sending all their invoices with the secure QR codes on them.
This is how it can be done
The invoice issuer will generate all invoices with a secure QR code which will capture the invoice details including the bank account information.
This high security, tamperproof QR code, can only be generated by the authorised invoice issuer. Since this QR code is machine-readable, the information inside can then be cross-checked using a smartphone app or even online using web validation tools.
Each QR code is unique for every invoice of a product or service. The technology can be easily integrated with the existing infrastructure and can handle the necessary processing volumes.
The issuer will convey to their customers that they need to scan the QR code and verify the details of the invoice and only then proceed with making the payment. Only the information inside the secure QR code can be trusted, anything outside maybe subject to manipulation or tampering.
Sample Invoice with Secure QR Code
Qryptal Secure QR code is privacy-friendly with no dependency on databases and no sharing of customer sensitive information. Do sign up for a trial account to see how this can work for you.
You may also like