UK Finance Report: Over 4,000 cases of Invoice Hijack in 2018 in UK. Typical loss over £20,000
Invoice Hijack takes place when fraudsters trick businesses into transferring money by posing as legitimate payees.
Typically this involves either ‘spoofing’ a supplier’s email address or compromising the supplier’s email accounts in order to present what appear to be legitimate reasons to change bank details.
UK Finance is the collective voice for the banking and finance industry, representing more than 250 firms. As an organisation it works for and on behalf of its members to promote a safe, transparent and innovative banking and finance industry. Published 21 March 2019, UK Fincance’s report – Fraud the Facts – lays bare the extent of fraud in the payment industry.
|Invoice Scams 2018||Total Business or Non-Personal Accounts|
|Number of Cases||3,280|
|Number of Payments||4,467|
|Value of Losses||£92.7m|
|Returned to the Customer||£29.6m|
This particular type of fraud has seen a rapid rise in the last 12-18 months.
Invoice scams were the third most common type of payment scam in 2018, according to the UK Finance report. However, they resulted in the largest share of losses (35%). Businesses are a prime target because they make higher value payments more regularly.
A lack of awareness would seem to be at the heart of the rise – research commissioned by Santander suggests that half of UK business owners and senior managers are leaving themselves vulnerable to invoice fraud by failing to take basic precautions. Separate research from UK Finance’s Business Payments Survey has found that 43% of businesses were unaware of the existence of invoice fraud.
Invoice Hijacking is not the only type of Business Email Compromise. UK Finance also report on the level of ‘CEO Fraud’ – a scam whereby the criminal either accesses the company’s email system or successfully spoofs the domain. In such a scam the criminal will email a member of the finance team with what appears to be a genuine email from the CEO. The message will create a credible reason for either a payment to be made urgently to a new account or a change of details for an existing account.
This particular scam is less prevalent now than in previous years as awareness has increased and internal processes have been adapted to thwart it.
However, fraudsters have discovered ever more sophisticated ways of targeting the payment process and evading technological scans and protection. As we showed in The Anatomy of a Business Email Compromise Scam, fraudsters have proved capable of breaching email systems without having to overcome network security measures.
Invoice Hijacking can affect any size of business – and the size of loss can have a dramatic impact. Worryingly, many have not put measures in place to protect themselves. The figures below are taken from the UK Finance Business Payments Survey (published in an article on mondovisione.com):
|Size of Business||Sole Trader||Micro (1-9 employees)||Small (10-49 employees)||Medium (50-249 employees)||Large (250+ employees)|
|Proportion aware of invoice hijack||55%||60%||68%||76%||84%|
|Proportion that have experienced invoice fraud||6%||9%||12%||17%||26%|
|Proportion that have taken steps to protect themselves||21%||43%||46%||43%||63%|
More Information and Our Advice on How to Stay Safe from Invoice Hijacking:
- Preventing Invoice Hijack and Business Email Compromise
- Don’t Rely Solely on Your IT Team
- Invoice Hijack: Your Defences Are Only As Strong As Your Weakest Supplier
- Can Invoice Hijacking and Business Email Compromise Be Stopped With Better Email Technology
- Five Ways Fraudsters Perpetrate Business Email Compromise