Alaska businesses are experiencing increased fraud involving fake invoices from legitimate vendors whose email systems have been compromised.
How the scheme works:
- Employees receive what appears to be an email from a current vendor.
- The sender’s email address appears to be legitimate. The email may contain the sender’s usual signature block, including a company logo, employee name and modified contact information. The email may also contain a fake email thread with internal employees authorizing the change.
- The email includes an attached and properly formatted invoice along with a request to change the account number and routing number for upcoming payments.
- The email will often indicate that a payment is overdue or due immediately, threatening an immediate consequence.
- Employees then pay the fake invoice or change payment information, sending money to the fraudsters, not the legitimate vendor.
How to reduce your fraud risk:
- Never make payment changes based solely on email requests.
- Report anything suspicious to local law enforcement and your bank.
- Follow your company’s established procedures.
- Always use dual control or validation processes, such as calling a previously known phone number for the vendor to verify the request.
- Establish multi-factor authentication for any remote access, especially access to send email.
- Train your employees on how to spot and prevent fraud.