1. The simplest scheme: Manipulation when issuing an invoice in the accounting system
Situation
When reviewing invoices in the accounting system, it was noticed that one of them carried a bank account number different from the company's. It turned out that the account number had been changed: an employee had replaced it with his own in an attempt to redirect the payment. Fortunately, basic safeguards made it possible to detect the falsified company data before the customer made the transfer.
How to prevent this from happening?
Account number manipulation in the accounting system is the simplest type of invoice fraud. Here's how to block it:
- Block account number changes: Configure the accounting system so that changing the account number requires authorization from a supervisor or additional confirmation. This prevents an employee from altering it on their own.
- Turn on change notifications: Set up automatic notifications (email or SMS) to management whenever someone tries to modify the account number. This gives instant visibility of suspicious invoices or activity.
- Two-factor verification (2FA): Add 2FA for accounts with access to financial settings, such as changing the account number. This extra layer of protection blocks unauthorized changes and prevents false invoices from being sent.
Effect
These simple mechanisms close off manipulation in the accounting system and thus minimize the risk of false invoicing. Automatic notifications of detected anomalies and two-factor verification (2FA) allowed the company to react quickly, before the customer paid into the fake account. Implementing these protections requires minimal effort and significantly increases security.
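The authorization and notification controls above can be modelled as a two-person rule: a change to the payee account is recorded as a pending request, every request raises an alert, and only a supervisor other than the requester can make it take effect. The following is an added illustration written for this article; it is not code from the original page, from Sagiton or from any accounting product, and the ledger class, the role names and the in-memory notification list are assumptions standing in for the real system, its user roles and its email/SMS alerting.

```python
"""Two-person rule for changing the payee account on an invoice.

Added illustration; not code from the original article or from any
accounting product. The ledger, the role names and the in-memory
notification list are assumptions that stand in for the real system,
its user roles and its email/SMS alerting.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass
class AccountChangeRequest:
    invoice_id: str
    requested_by: str
    old_account: str
    new_account: str
    approved_by: Optional[str] = None


class InvoiceLedger:
    def __init__(self, company_account: str, supervisors: set):
        self.company_account = company_account
        self.supervisors = set(supervisors)
        self.invoices = {}        # invoice_id -> payee account printed on the invoice
        self.pending = {}         # invoice_id -> AccountChangeRequest awaiting approval
        self.notifications = []   # stands in for the email/SMS alerts sent to management

    def issue(self, invoice_id: str) -> None:
        # Every new invoice carries the official company account; nothing else is accepted.
        self.invoices[invoice_id] = self.company_account

    def request_account_change(self, user: str, invoice_id: str, new_account: str) -> None:
        # The request is only recorded; the invoice keeps its current account until approved.
        req = AccountChangeRequest(invoice_id, user, self.invoices[invoice_id], new_account)
        self.pending[invoice_id] = req
        # Management is notified of every attempt, whether or not it is later approved.
        self.notifications.append(
            f"ALERT {invoice_id}: {user} requested payee account change "
            f"{req.old_account} -> {new_account}"
        )

    def approve(self, supervisor: str, invoice_id: str) -> bool:
        req = self.pending.get(invoice_id)
        if req is None:
            return False
        # Segregation of duties: only a supervisor may approve, and never their own request.
        if supervisor not in self.supervisors or supervisor == req.requested_by:
            self.notifications.append(
                f"ALERT {invoice_id}: {supervisor} is not allowed to approve this change"
            )
            return False
        req.approved_by = supervisor
        self.invoices[invoice_id] = req.new_account
        del self.pending[invoice_id]
        return True

    def reject(self, supervisor: str, invoice_id: str) -> bool:
        # A supervisor can drop a pending request; the invoice is never touched.
        if supervisor not in self.supervisors or invoice_id not in self.pending:
            return False
        del self.pending[invoice_id]
        return True


if __name__ == "__main__":
    ledger = InvoiceLedger("COMPANY-ACCOUNT-0001", {"supervisor"})   # constructed values
    ledger.issue("INV-2024-001")
    ledger.request_account_change("clerk", "INV-2024-001", "PRIVATE-ACCOUNT-9999")
    print("self-approval allowed:", ledger.approve("clerk", "INV-2024-001"))
    print("supervisor approval:", ledger.approve("supervisor", "INV-2024-001"))
    for note in ledger.notifications:
        print(note)
```

The point of the design is that the stored invoice never changes on the requester's say-so: the request and the approval are separate actions by separate people, and the alert is emitted at request time, so management sees the attempt even if it is later refused.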
2. Smarter scheme: Fake invoice sent from company mail
Situation
The customer received an invoice from the company's email box, but with a bank account number different from the company's. This fictitious VAT invoice had been created in a word processor, saved as a PDF and sent from a company email account, even though it was never registered in the accounting system. The company knew nothing about it until the customer reported the problem himself.
How to prevent this from happening?
When a scammer operates outside the accounting system but uses the company mail, it is crucial to monitor outgoing correspondence to spot a false invoice. Here are the solutions:
- Monitor outgoing mail: Configure the mail server to automatically flag messages that contain PDF attachments or keywords such as “invoice” or “payment”. Suspicious messages can be routed to a supervisor to check the invoice amount or verify the bank account number.
- Analyze attachments: Automatically scan sent PDF attachments for bank account numbers and compare them with the company's official number. If the number does not match, the system raises an alert for management.
- Limit the format of attachments: Specify that invoices may only be sent as PDF. Messages in other formats (e.g. text documents) are automatically flagged or blocked until verified by a manager.
Effect
Outgoing mail monitoring and attachment analysis allowed the company to catch the fake invoice before it reached the customer. An alert about a PDF with a changed bank account number enabled a quick response. Professional configuration of the mail server gives full control over correspondence.
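The flagging and attachment-scanning logic described above, as an added example for this article rather than code from the original page, from Sagiton or from any mail server's configuration. It assumes that the text of PDF attachments has already been extracted by an earlier step (a constructed string stands in for it) and that the company's official account numbers are known. Account numbers are recognised as IBANs and checked with the ISO 13616 mod-97 test, so a random run of digits in an order reference does not raise an alert; the sample message and the two IBANs (the published ISO example numbers) are constructed.

```python
"""Hold outgoing mail that looks like an invoice but carries a foreign bank account.

Added example; not the article's code and not any mail server's
configuration. Assumptions: PDF text has already been extracted (a
constructed string stands in for it) and the official accounts are known.
"""
import re
from email.message import EmailMessage

# Subset of the ISO 13616 registry: country code -> total IBAN length.
IBAN_LENGTHS = {"PL": 28, "DE": 22, "GB": 22, "FR": 27, "NL": 18, "CZ": 24, "AT": 20}
# Candidate: country code, two check digits, then characters optionally grouped by single spaces.
IBAN_CANDIDATE = re.compile(r"\b[A-Z]{2}\d{2}(?:[ ]?[A-Z0-9]){11,30}")
INVOICE_KEYWORDS = ("invoice", "payment")


def normalize(account: str) -> str:
    # Invoices print IBANs in groups of four; compare them without spaces.
    return re.sub(r"\s+", "", account).upper()


def is_valid_iban(iban: str) -> bool:
    iban = normalize(iban)
    if IBAN_LENGTHS.get(iban[:2]) != len(iban):
        return False
    # Move country code and check digits to the end, map A..Z to 10..35, require mod 97 == 1.
    rearranged = iban[4:] + iban[:4]
    digits = "".join(str(int(ch, 36)) for ch in rearranged)
    return int(digits) % 97 == 1


def find_ibans(text: str) -> set:
    found = set()
    for m in IBAN_CANDIDATE.finditer(text):
        compact = normalize(m.group(0))
        expected = IBAN_LENGTHS.get(compact[:2])
        # Cut the greedy match to the country's length so a following word is not swallowed.
        if expected and is_valid_iban(compact[:expected]):
            found.add(compact[:expected])
    return found


def check_outgoing_message(msg: EmailMessage, attachment_texts: dict, official_accounts: set) -> list:
    """Return the reasons to hold this message for review; an empty list means release it."""
    reasons = []
    body = msg.get_body(preferencelist=("plain",))
    texts = [body.get_content() if body else ""]
    haystack = ((msg["Subject"] or "") + " " + texts[0]).lower()
    if any(k in haystack for k in INVOICE_KEYWORDS):
        reasons.append("invoice keyword in subject or body")
    for part in msg.iter_attachments():
        if part.get_content_type() == "application/pdf":
            reasons.append(f"PDF attachment {part.get_filename()}")
            # The extracted text of the PDF is looked up by filename (assumption: extracted earlier).
            texts.append(attachment_texts.get(part.get_filename(), ""))
    seen = set()
    for t in texts:
        seen |= find_ibans(t)
    foreign = seen - {normalize(a) for a in official_accounts}
    if foreign:
        reasons.append("account not on the company list: " + ", ".join(sorted(foreign)))
    return reasons


def build_sample_message() -> EmailMessage:
    # Constructed outgoing message: the body quotes the official account, the attachment another.
    msg = EmailMessage()
    msg["From"] = "accounting@example.com"
    msg["To"] = "customer@example.org"
    msg["Subject"] = "Invoice 2024/07/15"
    msg.set_content("Please find attached the invoice. Pay to GB82 WEST 1234 5698 7654 32.")
    msg.add_attachment(b"%PDF-1.4 constructed placeholder", maintype="application",
                       subtype="pdf", filename="invoice.pdf")
    return msg


OFFICIAL_ACCOUNTS = {"GB82 WEST 1234 5698 7654 32"}   # constructed; the ISO example IBAN
SAMPLE_PDF_TEXT = {"invoice.pdf": "Bank account: DE89 3704 0044 0532 0130 00"}   # constructed

if __name__ == "__main__":
    for reason in check_outgoing_message(build_sample_message(), SAMPLE_PDF_TEXT, OFFICIAL_ACCOUNTS):
        print("HOLD:", reason)
```

A message is released only when no reason is returned; the "account not on the company list" reason is the one that matters for the fraud described here, while the keyword and PDF reasons merely route the message to a supervisor as the first bullet suggests.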
Do you want to protect yourself and your customers from various types of invoice fraud? Contact us and implement appropriate security measures.
3. Advanced Fraud: Impersonating a corporate domain
Situation
The customer reported that he had received an invoice from an email address that looked like the company's, but with a different account number. It turned out that the fraudster had sent a fictitious VAT invoice from his own server while impersonating a company email address (so-called spoofing). The company knew nothing about it until the customer contacted it with a question about paying the fake invoice.
How to prevent this from happening?
Detecting domain-impersonating invoice fraud requires advanced mail server security. Here's how to implement it:
- Specify authorized mail servers: Configure your DNS settings to indicate which servers may send email on behalf of your domain. Messages from unauthorized servers are marked as spam or rejected by the receiving servers.
- Digital signatures for emails: Enable a message-signing mechanism that confirms that the email comes from your domain and has not been modified in transit. This requires correct configuration of the mail servers.
- Verification and reporting policy: Publish a policy that tells receiving servers what to do with unauthenticated messages (e.g. move them to spam or reject them). Set up reporting so you receive notifications of impersonation attempts, allowing you to monitor suspicious activity.
Effect
Mail server security caused the fake email to be flagged as spam, and a report of the attempted impersonation enabled the company to respond quickly. This configuration is standard in cybersecurity and effectively protects against spoofing.
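The three mechanisms above are the standard trio of SPF (authorized servers), DKIM (signatures) and DMARC (policy and reporting), all published as DNS TXT records. The following added example, written for this article and not taken from the original page or from Sagiton, lints such records for the settings that still let spoofed mail through (a permissive `+all`, a revoked or test-mode DKIM key, `p=none`, a missing report address). It operates on the record strings themselves; in production they would be fetched from DNS for the domain, its `_dmarc` name and its `<selector>._domainkey` name. Both record sets below are constructed for a hypothetical `example.com`.

```python
"""Lint SPF, DKIM and DMARC records for settings that let spoofed mail through.

Added example; not the article's code. Works on TXT record strings (in
production fetched from DNS). All records below are constructed.
"""


def _tags(record: str) -> dict:
    # DKIM and DMARC records are "tag=value" pairs separated by semicolons.
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def lint_spf(record: str) -> list:
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["not an SPF record"]
    mechanisms = [t.lower() for t in terms[1:]]
    findings = []
    if "+all" in mechanisms or "all" in mechanisms:
        findings.append("'+all': every server on the internet may send as this domain")
    elif "?all" in mechanisms:
        findings.append("'?all': unauthorized senders get a neutral result and are usually delivered")
    elif "~all" in mechanisms:
        findings.append("'~all': unauthorized senders only soft-fail; receivers may still deliver")
    elif "-all" not in mechanisms and not any(m.startswith("redirect=") for m in mechanisms):
        findings.append("no 'all' term: unauthorized senders get a neutral result")
    # Receivers abort evaluation (permerror) after 10 DNS-querying terms.
    lookups = sum(1 for m in mechanisms
                  if m.lstrip("+-~?").split(":")[0].split("/")[0] in ("include", "a", "mx", "ptr", "exists")
                  or m.startswith("redirect="))
    if lookups > 10:
        findings.append(f"{lookups} DNS-lookup terms exceed the limit of 10; the record fails to evaluate")
    return findings


def lint_dkim(record: str) -> list:
    tags = _tags(record)
    if tags.get("v", "DKIM1") != "DKIM1":      # v= is optional and defaults to DKIM1
        return ["not a DKIM record"]
    findings = []
    if not tags.get("p"):
        findings.append("empty p= tag: the key is revoked, signatures will not verify")
    if "y" in tags.get("t", "").split(":"):
        findings.append("t=y: testing mode, receivers are told to ignore signature failures")
    return findings


def lint_dmarc(record: str) -> list:
    tags = _tags(record)
    if tags.get("v") != "DMARC1":
        return ["not a DMARC record"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy == "none":
        findings.append("p=none: failures are only reported, spoofed mail is still delivered")
    elif policy not in ("quarantine", "reject"):
        findings.append("missing or unknown p= tag")
    if tags.get("sp", "").lower() == "none":
        findings.append("sp=none: subdomains can be spoofed even though the main domain is protected")
    if int(tags.get("pct", "100")) < 100:
        findings.append(f"pct={tags['pct']}: the policy is applied to only that share of failing mail")
    if "rua" not in tags:
        findings.append("no rua= address: you will never see reports of impersonation attempts")
    return findings


def lint_domain(records: dict) -> dict:
    return {"spf": lint_spf(records["spf"]), "dkim": lint_dkim(records["dkim"]),
            "dmarc": lint_dmarc(records["dmarc"])}


# Constructed records for a hypothetical example.com: a weak set and the corrected set.
WEAK = {
    "spf": "v=spf1 a mx +all",
    "dkim": "v=DKIM1; k=rsa; t=y; p=",
    "dmarc": "v=DMARC1; p=none",
}
CORRECTED = {
    "spf": "v=spf1 mx ip4:203.0.113.10 include:_spf.mail-provider.example -all",
    "dkim": "v=DKIM1; k=rsa; p=constructed-placeholder-public-key",
    "dmarc": "v=DMARC1; p=reject; sp=reject; pct=100; rua=mailto:dmarc-reports@example.com",
}

if __name__ == "__main__":
    for name, records in (("weak", WEAK), ("corrected", CORRECTED)):
        print(name, lint_domain(records))
```

The corrected set is what the bullets above ask for: a closed SPF list ending in `-all`, a live signing key, and a DMARC policy that tells receivers to reject failures and where to send reports.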
4. The Most Sophisticated Scheme: Private Mail Invoice Scam
Situation
The customer received an invoice from a private e-mail box (created in the scheme [email protected]), impersonating the company address in the “From” field. The invoice, created in a word processor and saved as a PDF, contained an account number different from the company's. The company knew nothing about it, and the client, unaware of the fraud, paid the false invoice.
How to prevent this from happening?
This is the most complicated scheme and requires full automation and monitoring. However, there are solutions that help minimize the risk of fake invoices being sent from fake email addresses:
- Billing automation: Integrate the accounting system with the service or task management system so that invoices are generated automatically when an order is completed and sent from a dedicated email address (e.g. [email protected]). Let customers know on which days they can expect the automated email, so that an invoice sent on another day should arouse their suspicion. And if the invoice fraud happens to occur at the end of the billing period or on the day the service ends, the customer will receive both a real invoice and a fake one sent from a private mailbox, which should also alert him.
- Annotations in correspondence: To minimize the risk of invoice fraud, you can also make your customers aware of the potential risks. Make sure that invoices are always sent from the same email address. In addition, to protect your company from possible liability, you can add the following information to each invoice and email: “Payment only to account [company account number]. Invoices from other email addresses are invalid. In case of doubt, please contact us at [official contact].”
- Monitoring of payments: Regularly compare receipts on the company account with the invoices in the accounting system. If a payment has not arrived, contact the customer and ask which account the transfer was made to. In addition, automatically sending reminders about unpaid invoices speeds up fraud detection — if a customer has already paid an invoice with false details, they will certainly let you know when they receive a payment reminder.
- Mail server security: Implementing the sender verification policies described in section 3 reduces the risk that a fake email sent from a private mailbox will be treated as trustworthy by your clients' receiving servers.
Effect
Invoice automation meant the client received an official invoice from the system, which allowed him to notice the inconsistency with the fake invoice from the private mailbox. Additionally, payment monitoring revealed that no deposit had reached the company's account, prompting the company to contact the customer and resulting in faster fraud detection. Such solutions require a greater investment in process automation, but they are the most effective in the fight against “sophisticated” invoice fraud.
Effective protection against fictitious VAT invoices — how to implement?
As you can see, fictitious VAT invoices can take many forms — from simple manipulations in the accounting system to advanced attacks from private email boxes. As specialists in automating business processes and configuring secure servers, we recommend the following against invoice fraud:
- Simple scams: Block account number changes in the accounting system, enable notifications and two-factor verification (2FA).
- Fictitious invoices from company mail: Monitor outgoing correspondence and automatically analyze attachments.
- Impersonating a domain: Configure mail server security to reject unauthorized messages.
- Private Mail Scams: Automate invoicing and monitor payments to catch inconsistencies.
Do you want to protect your business? You don't have to do it alone. Sagiton specializes in business process automation, hosting and configuration of secure servers, including mail servers. Contact us and we will design and implement solutions that protect your business and your clients' finances. Protect your business from invoice fraud today!