Dodgy Invoices On The Rise
Yet another case of a dodgy invoice causing massive monetary losses has come to light. The perpetrators combined email spoofing and a fraudulent invoice to dupe a Mumbai-based company out of INR 1.6 Crore. It was not human error that got the company into this fix, but a lack of proper gatekeeping tools. We already discussed in a previous blog post how manually checking each invoice is almost impossible for any business. Sending and paying invoices is as natural as breathing. You need automated security checks for dodgy invoices if you want to curb invoice fraud. That is ironic, because the company in question is itself in the automation business. Let us take a look at their case.
Invoice Manipulation – How A Duplicate Bill Siphoned Off An 8-Figure Amount
The hardware automation firm received an invoice from an email account that looked like the one a German partner used. The invoice asked the Mumbai firm to pay an amount for services into a certain bank account. In Feb 2020, the German firm's purchase manager sent an email to the Mumbai firm saying that they had not yet received payment of around INR 1.6 Crore, even though the invoice had been sent. When Abhaykumar Shringarpure of the automation firm's legal department looked into the matter, it turned out the remittance had been wired to a local bank account, and not the German firm's original account. Upon inspecting the bank account, it was found that the email ID, although closely resembling a valid ID, was forged.
Abhaykumar promptly alerted the cyber cell, which is currently looking into the matter. A natural response to such a case would be to recommend multiple sign-offs for releasing invoice payments. However, officials working closely on this case suspect that it may even be an inside job. If that is the case, human scrutiny is more or less untrustworthy.
What can you do to avoid such mishaps? The answer is simple. Remove the human factor, and let specially designed systems and protocols handle security.
Benefits of using an automated fraud detection system
- Protocol streamlining: a tool will force you to send and pay invoices in a certain manner. While a human might make an exception in case of urgency, a rule-based tool will simply reject all invoices that don't follow strict procedure. This renders urgency-inducing phishing baits useless. Also, if it is an inside job, it still won't matter, because a malicious actor would still have to follow the rules imposed by the tool.
- Gatekeeping: if an outbound dodgy invoice does not even reach the buyer, the buyer does not have to worry about checking it for validity.
- No dispute over the liable party: if a supplier sets clear rules for indications of an authentic invoice, all the buyer has to do is check for them. If they still decide to pay invoices which do not have the hallmarks of a secure invoice, they will have to bear the responsibility of the losses that occur.
And of course, the most obvious benefit is automation, in which neither party has to suffer the overload of identifying and weeding out a dodgy invoice.
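A minimal sketch of the rule-based gate described in the list above, added here as an illustration and not code from the original post or from any product: it rejects an invoice whose sender domain or payee account does not match the vendor record, and gives urgency no weight. The vendor record, field names and sample invoices are constructed placeholders.

```python
from dataclasses import dataclass

# Constructed vendor master record; every value here is a placeholder.
VENDOR_MASTER = {
    "V-001": {"domain": "partner-gmbh.example", "account": "DE00 0000 0000 0000 0000 00"},
}

@dataclass
class Invoice:
    vendor_id: str
    sender: str          # From address as received
    pay_to: str          # account the invoice asks to be paid into
    urgent: bool = False

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss sender domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def normalise(account):
    """Strip whitespace and case so formatting differences do not matter."""
    return "".join(account.split()).upper()

def check_invoice(inv):
    """Return the list of rule violations; an empty list means release for payment."""
    rec = VENDOR_MASTER.get(inv.vendor_id)
    if rec is None:
        return ["unknown vendor"]
    reasons = []
    domain = inv.sender.rsplit("@", 1)[-1].lower()
    if domain != rec["domain"]:
        close = edit_distance(domain, rec["domain"]) <= 2
        reasons.append("lookalike sender domain" if close else "sender domain not on record")
    if normalise(inv.pay_to) != normalise(rec["account"]):
        reasons.append("payee account differs from vendor master")
    # inv.urgent is deliberately never consulted: urgency earns no exception.
    return reasons

# Constructed sample invoices.
GENUINE = Invoice("V-001", "accounts@partner-gmbh.example", "de00 0000 0000 0000 0000 00")
FORGED = Invoice("V-001", "accounts@partner-gnbh.example", "LOCAL-ACCT-0001", urgent=True)
```

The domain rule only catches lookalike addresses; a sender that forges the exact domain has to be stopped by mail authentication (SPF, DKIM, DMARC), which this sketch does not perform. The payee-account rule still blocks the payment in that case.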
For security assistance and requests, drop us a mail.