
Look out for invoice fraud!

Invoice fraud at companies is not a new phenomenon, but recently CERT.be, the operational department of the Centre for Cyber Security Belgium (CCB), has received more reports of this type of fraud. The CCB is therefore warning companies to be alert when making payments.

Invoice fraud is a form of fraud in which cybercriminals change the account number of a regular supplier. The cybercriminals assume the identity of a supplier and ask an employee of the finance or accounting department to change the account number and make payments. There is a risk that the employee fails to notice that the request does not come from the supplier and makes these payments into the criminals' account.

It looks like cybercriminals are increasingly trying to make their move during the holiday period. They count on reduced vigilance on the part of employees during the summer months or hope that a replacement is less familiar with the applicable procedures.

- Miguel De Bruycker, Director of Centre for Cyber Security Belgium

A fake invoice can take different forms. Cybercriminals forge original invoices, changing the bank account number, or send ghost invoices, which are invoices where you pay for nothing.

Most important tips to arm yourself against invoice fraud

For management:

  • Contact the supplier via a telephone number or e-mail address other than the one provided in the message received (to ensure that this message is from the real supplier). For example, use forward instead of reply, so that you enter the supplier's known address yourself.
  • Make sure that the payment processes are clear and well monitored.
  • Provide clear procedures to verify payment transfers or sensitive information requests, especially those via e-mail.
  • Inform employees and make sure they have proper training so that they can quickly recognize the scams and respond adequately.

For employees:

  • Contact the supplier via a telephone number or e-mail address other than the one provided in the message received (to ensure that this message is from the real supplier). For example, use forward instead of reply, so that you enter the supplier's known address yourself.
  • Compare the account number on the invoice with your own details.
  • Be attentive to so-called urgent payments that require deviation from normal procedures.
  • Strictly apply security and payment rules. For example: have payments above a certain amount signed by several employees.
  • Never describe to strangers how payments are made in your company. Keep these procedures for internal use only.

 

Corporate identity fraud

In corporate identity fraud, cybercriminals act in your company's name by hacking or taking over a business account. This allows them to steal money from your customers through invoice fraud, for example.

Recommendations to prevent corporate identity fraud

  • Always use strong passwords for your accounts.
  • Use two-factor authentication (2FA) where possible.
  • Train your employees to recognize phishing.
  • Handle company data with care.