KRALENDIJK – The Cyber Crime Unit of KPCN has received several reports that companies on Bonaire suffer from (attempted) invoice fraud. In all these cases, it concerns personalized fake invoices with very high amounts.

The entrepreneur receives a forged invoice in the name of an existing business relationship. In many of these cases, the fraudster intercepts the original invoice (physical or digital). Then only the account number is changed to the account number of the criminal. The company pays the bill he expected, but the money is transferred to the scammer’s account number. It is important that all sections of an organization know this form of fraud. Therefore, make invoice fraud negotiable in companies, especially in departments where payment orders are processed.

Tips for employees:

• Check the e-mail address of the sender of the order or invoice, is this really the e-mail address of your own company or of the customer?
• Always check the account number of the recipient with their own administration;
• Verify the payment by calling the (named) client. To do this, use the number that is known; not the number that accompanies the payment request. After all, that number may belong to the scammer;
• Be alert to excuses why a payment is urgent and should deviate from normal procedures;
• Be alert to phone calls and email messages of a compelling nature;
• Clearly establish guidelines for invoicing, describing who may execute a payment order if there is no approved invoice. Try to avoid exceptions and make sure that multiple signatures must always be placed with a payment order (separation of functions or double authorization). Two people always see more than one;
• If in doubt, always consult with a colleague or manager.

What to do if you have become a victim of invoice fraud?

Call the bank as soon as possible if a payment has been made to a fraudster. Always make a declaration or report to KPCN. Declaring and reporting to the police help to get a picture of perpetrators, to close off attack servers and to prevent more victims. KPCN can also help to find out which digital vulnerabilities the company has. In previous reports of cybercrime, for example, there were data leaks (login details) that the companies themselves were not aware of. In addition, in the event of any disputes with the person who should have received the money, it can be an important element in the settlement.