Trap niet in nagebooste facturen

Avoid paying counterfeit or fake invoices

Woman frowns at invoice

Factuurfraude kent vele vormen, maar hier hebben wij het over een vorm van BEC-fraude (Business E-mail Compromise) waarbij fraudeurs zakelijke e-mails nabootsen om medewerkers van een bedrijf geld afhandig te maken. Fraudeurs doen zich bij factuurfraude voor als bekende bedrijven, concernrelaties, of vertrouwde leveranciers waarmee je al eerder zaken hebt gedaan. Ze sturen een valse factuur die lijkt te komen van deze partij. Wanneer je deze factuur betaalt, belandt het geld op de rekening van de fraudeurs. Deze vorm van fraude vindt relatief vaak plaats bij kleinere organisaties, waar financiële processen soms de controles missen om fraude te ontdekken. Voorbeelden zijn er te over. Ook in Nederland, zoals je leest in ons artikel over CEO-fraude bij Katwijks bedrijf

What happens in invoice fraud?

Invoice fraud with fake domain names can follow various patterns:

  • Fraudsters send fake invoices to a variety of e-mail addresses, making them look as if they come from familiar organisations (e.g. telecoms companies and government agencies). Often the invoices are for small sums, which the recipients are less likely to question. Usually, they relate to something quite general, and they aren’t addressed to particular individuals. Many organisations settle low-value invoices without requiring purchase orders, making it hard for the recipient to establish whether the invoice is genuine.

  • Invoice fraud sometimes takes a more targeted form, where the invoice seems to come from a familiar organisation that you’ve dealt with before. The scammers typically send the invoice from an e-mail address very like the real supplier’s address, but with some little change.

How can you recognise a fake invoice?

If you receive an invoice by e-mail, it’s important to check a few things before paying it.

  • Check the contents

    Was an order actually placed for the goods or services in question? Is there a matching purchase order number in your bookkeeping system? If you’re still unsure or you can’t find a matching purchase order, ask the apparent supplier or service provider for clarification, even if the sum involved is small. Use the contact details you already have when you approach them, not the details on the invoice, which might be fake.

  • Check the sender and addressee

    Fake invoices are often for small sums and aren’t addressed to particular individuals. They also tend to address the recipient in a non-personal way, e.g. by starting ‘Dear Sir/Madam'. Be extra careful with any invoice that fits that description. It’s also important to verify the sender and to check whether your organisation has actually done business with the company in question.

  • Check the bank details

    Does the account number on the invoice match the one you’ve used before for this supplier? Be extra-careful if the bank account is abroad. Scammers often want money paid into foreign accounts.

  • Check the e-mail address

    What address was the invoice sent from? Does it include the real organisation’s usual domain name? Invoice fraudsters often use an address that’s very like one you know already, except for some small detail (e.g. a capital 'i' or a '1' instead of a lower-case 'L'. Even if the address matches, don’t let your guard down.

  • Be extra-wary of urgent payment requests

    If the covering e-mail says that the invoice needs paying urgently, be extra-careful. As in CEO fraud, scammers like to create a sense of urgency, so that you feel there isn’t time to stop and think things through properly.

You could also go a step further, and reduce the number of invoices you receive by e-mail. Most modern e-invoicing tools use the PEPPOL network, where invoices can be exchanged quickly and securely. You might find that some of your suppliers can’t invoice you that way, but don’t let that put you off doing what you can. Most organisations can cut the number of e-mailed invoices by quite a lot.

What can you do if you fall victim to invoice fraud?

Have you mistakenly paid a fake invoice? If so, it’s important to report it to the police. Reporting cases helps raise awareness of what is a growing problem. It’s often hard to get your money back, though, especially if it was sent abroad. If the payment was made to another Dutch account, it’s nevertheless worth contacting your bank as soon as you realise what’s happened. They might still be able to cancel the transaction. If you’ve got the IBAN details of the account your money went to, you can also ask the bank for the account-holder’s name and address. Then at least you know who scammed you, opening the way for possibly starting civil legal proceedings to get the money back.

SIDN BrandGuard

Want to prevent invoice fraud? SIDN BrandGuard is a monitoring service featuring a personalised dashboard, which notifies you immediately whenever a domain name similar to your brand name is registered. Getting early warnings enables you to respond promptly to prevent CEO fraud, domain name fraud, cybersquatting and typosquatting. And thus avoid the high cost and reputational damage caused by such scams.

Read more about SIDN BranGuard