Four steps to protect your business from false invoice scams.

“False invoice scams”, or “invoice hacking”, are on the rise. Cybercriminals have become increasingly efficient and relentless and no business – regardless of size or industry – is immune.

False invoice scams up close

Regrettably, we have recently witnessed several of our own clients attacked by cybercriminals conducting false invoice scams. In these instances, cybercriminals have accessed an email account in the business. They have then amended and issued customer invoices, redirecting payments to their own bank accounts.

These are relatively simple cyber-attacks; however, the damage done has been significant.

Alarming cyber scam statistics

On their ScamWatch site, the Australian Competition and Consumer Commission (ACCC) show some alarming statistics:

During 2022 over $25 million was lost to false invoice scams.

The monthly breakdown of these statistics confirms that this type of cybercrime, and its cost to businesses, is only increasing.

Figure: ScamWatch false billing stats for 2022 (amount lost and number of reports)

By far the highest losses from false invoice scams occurred via email attacks.

Figure: ScamWatch false billing stats for 2022 (delivery method)

Four steps to prevent false invoice scams via email

Below, we outline four measures you can implement now to help protect your business from such attacks:

1. Engage your employees in cyber-security:

  • Businesses must provide cyber-training to their employees. It is critical that employees understand and commit to any cyber-security measures put in place.
  • Implement solid password practices. This can include using a password manager and using two-factor authentication on all cloud-based software applications (particularly email!).

2. Protect your business from cyber-attack:

  • Ensure all software and IT systems are kept up to date, with security updates installed as soon as they are available.
  • Likewise, having good antivirus software is critical. Seek advice from your IT specialist as good antiviruses are not always costly, but cheap antiviruses are not always good.

3. Consider cyber insurance:

  • Businesses can further protect themselves with cyber security insurance, which most insurance brokers can assist with. Cyber insurance is designed to help cover your business’s financial losses if it falls victim to a cyber breach or attack.
  • Importantly though, it should be noted that cyber insurance isn’t a fail-safe. That is, if your business hasn’t implemented appropriate internal controls and preventative measures, you may be denied a claim on your policy by the underwriter.

4. Implement eInvoicing now!

  • New accounting-specific tools can further enhance your business’s cybersecurity. Specifically, eInvoicing will protect your business against false invoice scams.
  • eInvoicing eliminates the need to send invoices via email. It is a federal government initiative under which invoices are sent directly between businesses' accounting software (for example, Xero).
  • eInvoicing makes the process of sending invoices more secure – and more efficient – than emailing.
  • Learn more about eInvoicing with Xero here or contact one of Synectic’s Xero Certified Advisers.

How can we help?

✔ Contact a Synectic adviser for help to set up eInvoicing in your business.

✔ Synectic clients – if your business is registered for eInvoicing, please let us know so we can send you secure eInvoices.

About the author

Kurtis Alexander (CA)
Senior Manager

Kurtis is a Xero Certified Adviser who is passionate about the benefits and opportunities offered to businesses by cloud accounting software solutions. An experienced accountant and business adviser, he specialises in supporting small to medium business owners. Contact us today and ask to speak with Kurtis.