Wire transfer fraud is not limited to being committed using fake executive emails, which was detailed in our previous article. In fact, business email compromise does not even have to occur from a fake internal account. Scammers can pose as an existing or fake vendor in order to trick companies. Large organizations are particularly vulnerable to this form of scam, due to the separate divisions within large companies. Fake invoice scams begin with the targeted business receiving a letter or email from the scammers posing either as a fake vendor or as an existing client.
Scammers Posing as a Fake Vendor
Scammers using fake vendor details often pose as vendors such as office supplies providers, advertisers, or domain hosting providers. Office supply scams involve businesses receiving invoices for large shipments of common goods such as paper, printing supplies, etc. If the scammers pose as a previous supplier, the invoice will state various products were previously delivered and never paid for. Businesses may also receive shipments of low quality supplies they never requested, only to be sent an invoice requesting payment for said supplies, stating they had been ordered by the organization.
Fake advertising scams work in a similar way, with the invoice stating the recipient had requested advertising but not been paid. Scammers may even pose as a legitimate advertising agency with fake contact information, or will claim ownership of an actual advertisement commissioned by the company.
Domain renewal scams involve sending renewal notice for a domain similar to the recipient’s, but that is not owned by them. Examples include sending a renewal notice to a company for the domain company.cn, though they may only own company.com, company.eu, and company.au. As the domain listed is close enough to others actually owned by the target, it is easy to assume the fraudulent domain is also owned.¹
Scammers Posing as an Existing Vendor
Fake vendor invoice scams also include scams where criminals pose as a target’s existing client. These payment redirection scams are when a scammer poses as a regular vendor, informing you their banking details have changed. Vendors a company uses can be found from either company’s websites if they list various organizations they are partnered with, or through hacking one of the target company’s computer systems. The fraudsters will often steal the vendor’s branding, making their change of detail notice difficult to identify as fraudulent. This scam is particularly effective in the short term, as the true vendor will continue operations, but the scammers will be paid. These scams are often only noticed when the actual vendor contacts the business asking why they have not been paid.²
Contributing Factors to the Scam’s Success
At this point you may be wondering how any well-operated business could fall victim to such a simple and avoidable scam. The answer lies within a combination of large business culture and human nature. Fake invoices are sent to a payables clerk, who is likely familiar with making payments for previous advertisements, supplies, renewals, or to regular vendors. The scam’s success relies on the clerk’s familiarity with previous payments so that they process the request without much scrutiny. The scam also takes advantage of the likelihood the clerk will not manually verify the invoice, either by calling the true vendor or by discussing it with a supervisor. The clerk is also likely unfamiliar with specific details about business operations and every contracted vendor and provider. Due to this, if the clerk does not recognize the fake vendor, they can very easily believe it is valid, assuming they are just unaware or forgot about that particular vendor.
Scammers will also likely time their scam to run close to the close of business. The invoice will communicate a sense of urgency, pressuring the clerk to process the request quickly. This pressure appeals to the clerk’s natural willingness to help, and they are likely to focus more on processing the request in time rather than checking the validity of the request.
With how easy it is for scammers to send fake vendor invoices and for payables clerks to overlook any suspicious material, it is crucial to know common signs an invoice is fake. In our next article, we will be covering the top signs an invoice you received is part of a scam.
If you have been the victim of an email compromise scam, call McCann Investigations at (800) 713-7670. We will provide a free consultation and outline the steps you and your response team need to take to gather and maintain the evidence you need to pursue litigation or an insurance claim. We can also explain the critical use of an licensed investigator to perform the forensic investigation and provide an objective opinion on the origination and scope of the compromise scam.
Contact Dorothy Filippov, Certified Fraud Examiner, at McCann Cyber: (346) 400-6554.