Invoice fraud in the physical and cyber world

AWDC Security Office (AWDC SO) wants to provide the Antwerp diamond community with security recommendations to prevent, detect and respond to ‘invoice fraud’. We can define invoice fraud as the rerouting of payments or invoices to a temporary and criminal bank account instead of the actual and legitimate vendor’s account.

Physical fraud: the criminals illegally intercept and steal original hard copy invoices send by the vendor to their respective customers, often using the regular public BPost mailboxes, such as the one located near the Schupstraat. They triage the mail, looking for invoices. The rest is destroyed or reintroduced in the regular mail system. They specifically look for invoices, often to foreign customers. They falsify and imitate the original invoice, except the bank account information. They use so-called ‘mules’ to open legitimate bank accounts, which are used on the falsified invoices. As soon as an unaware customer pays the invoices on their account, they transfer the money to a network of other, often foreign, accounts or withdraw the money in a bank or an ATM. As soon as they think their bank account is ‘burned’, they stop using it and switch to others. The vendor will only become aware through a vigilant customer or if their accountancy office informs them about a bad debt. The customer is contacted and states that he already paid the invoice. After checking the bank account information, they notice it has been paid to another account. Checks with the banks rarely lead to the identification of the perpetrators or recovery of the money.

Cyber fraud: instead of physically intercepting and stealing the invoices, criminals can also hack electronic communication, for example email accounts using a ‘MiTM attack’, after which the process is similar to the one described above.

In rare cases, a trusted staff member commits the fraud.

Please be aware that most standard insurance policies exclude ‘invoice fraud’!

Recommendations:

• Always physically and electronically check incoming invoices, also from known and long-term vendors. In case of the slightest suspicion or unusual changes, especially in bank account information, contact the vendor, using previous invoices and known vendor contact information. (do not use the contact information on the suspicious invoice to perform the check).
• Upon a confirmed fraud, block the invoice, contact the vendor, the bank, check other invoices and report it to the Local Police of Antwerp and the AWDC SO.
• Always keep copies of invoices on record for quick and easy verification.
• Consider a well-structured financial tracking system to monitor bad debt and changes in bank account information. 
• Contact your insurance broker to see whether “invoice fraud” is in- or excluded in your insurance policy and check for options.

Please do not hesitate to contact the AWDC SO for more information, questions or remarks: info@awdc-securityoffice.be