Page 9 - PA_Enterprise_October-November-2021
Phishing

How it works: Imagine that an employee who handles purchasing for your business receives an email that appears to be from your company’s vice president. The email requests that the employee order a new laptop and have it shipped to an unfamiliar address. Because the email appears to come from an executive team member, the employee follows the request and inadvertently purchases and ships a new computer to a thief.

Phishing emails are targeted emails that appear to come from official accounts, clients, and stakeholders. They are intended to trick recipients into sending money, expensive items, or personally identifiable information. That sensitive information may include Social Security numbers, birth dates, gym membership information, and other data that makes it easy to commit identity theft. In many cases, these emails appear to come from higher management requesting that HR personnel send personal information (think W-2s). This provides thieves with enough information to steal employees’ identities and damage their finances.

How to avoid it: Train employees to recognize fraudulent emails. In many cases, phishing emails will contain grammar mistakes and spelling errors, or logos and other graphics that look a little off. Also, instruct employees to check with the supposed sender before providing sensitive information or valuable property. All employees should be instructed to verify any request via trusted communications channels, such as a phone call or originating a new email to the person’s company email address, or looping in someone from legal to review the request.

Frequently, phishing emails will come from an email address that looks very similar to the legitimate email address, with one or two different letters. Instruct employees to carefully review the email address when they receive sensitive requests.

Fake invoices

How it works: Your accounts payable employee receives an invoice for a load of boxes and other shipping supplies. She knows that your warehouse regularly orders shipping supplies. So even though she doesn’t recognize the vendor, she assumes the invoice is legitimate and pays it. However, the invoice was from a scammer who has never sold anything to your business, and they just made several hundred dollars off your business.

When scammers send fake invoices charging you for services or items you never received, they take a bet that whoever pays won’t check the bill before paying. They may also make an invoice for the types of materials or supplies you would usually purchase, so it doesn’t look suspicious.

How to avoid it: Make sure to review each invoice for legitimacy, and never pay unless the charges are verified. Train your staffers to do the same thing. Even if the invoice appears to come from a trusted vendor, if it has a different address than the one you usually remit to, call the vendor to verify. Find the vendor’s number on previously approved invoices or online to ensure that you are not being redirected to the scammer’s phone number.

Also, make sure your business has clear procedures for processing and paying all invoices. For instance, the person who ordered the supplies or services should be required to verify the invoice before the accounts payable department can pay it.

ACH and wire transfer fraud

How it works: ACH transactions and wire transfers are the quickest ways to send cash, and scammers are taking advantage of these transactions to steal from bank accounts. Cybercriminals use phishing emails, compromised websites, and malware to steal

Continued
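
The Phishing section above advises checking sender addresses that differ from the legitimate one by one or two letters. The following is an added example, not part of the original article, of how a mail filter could automate that check for the domain part of the address. The allow-list, the function names and the sample headers are assumptions made for illustration.

```python
from email.utils import parseaddr

# Hypothetical allow-list (assumption): the domains your company and vendors really use.
TRUSTED_DOMAINS = {"example.com", "vendor-supplies.example"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: number of single-letter inserts, deletes or substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # drop a letter from a
                           cur[j - 1] + 1,             # add a letter to a
                           prev[j - 1] + (ca != cb)))  # swap one letter for another
        prev = cur
    return prev[-1]


def classify_sender(from_header: str, trusted=TRUSTED_DOMAINS, max_diff: int = 2):
    """Return (verdict, matched_domain); verdict is 'trusted', 'lookalike' or 'unknown'."""
    # Judge the address itself, never the display name, which the sender chooses freely.
    _, addr = parseaddr(from_header)
    _, at, domain = addr.rpartition("@")
    domain = domain.lower().rstrip(".")
    if not at or not domain:
        return ("unknown", None)
    if domain in trusted:
        return ("trusted", domain)
    for good in sorted(trusted):
        # "One or two different letters" from a trusted domain, but not identical to it.
        if 0 < edit_distance(domain, good) <= max_diff:
            return ("lookalike", good)
    return ("unknown", None)


# Constructed sample From: headers, not taken from real mail.
SAMPLES = [
    "Jane Doe <jane.doe@example.com>",
    "Jane Doe <jane.doe@examp1e.com>",
    "Accounts <billing@vendor-suplies.example>",
    "Newsletter <news@unrelated.org>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(classify_sender(header), header)
```

A "lookalike" verdict is a prompt to verify the request through a trusted channel, as the article recommends. With very short trusted domains, a two-letter threshold will also match unrelated legitimate domains, so lower `max_diff` for those.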