What are invoice frauds, and why are they gaining in popularity?
In the first week of November 2024, security firm Wallarm published an article about an intriguing scam involving DocuSign, a popular electronic signature solution provider.
Attackers are leveraging DocuSign's technology to send fake invoices that look remarkably authentic. But what makes these attacks particularly vicious is the level of sophistication they require.
Fooling businesses at scale using DocuSign’s API
Simply put, DocuSign's API, designed to streamline electronic agreements, has been weaponised by scammers to deceive unsuspecting victims. Scammers are using legitimate paid accounts to create and send invoices that appear to be authentic. The attack involves:
- A highly customised invoice with an official logo, brand name, and format.
- Use of the DocuSign brand's credibility, since it is trusted across various industries.
- Sending fake invoices to multiple businesses effortlessly using API automation.
Attackers are not only mimicking legitimate companies but are actively integrating themselves into genuine communication networks to carry out their invoice fraud.
But what exactly are invoice frauds, and how do they work?
Invoice fraud, once a niche concern, has evolved into a widespread challenge for organisations of all scales. The practice involves submitting false or altered invoices to obtain funds illegally and effectively disguising theft as legitimate business activity.
The most common types of invoice fraud are:
- Fake invoice: Just like in the example above, this involves sending invoices for services that were not delivered or requested.
- Altered invoice: Legitimate invoices are intercepted and altered to redirect payments to fraudulent accounts.
- Overbilling: The invoice is real, but the amount isn't. Basically, it charges more than what was agreed upon.
- Impersonating: This involves hacking a business email to manipulate transaction data.
But this list is far from exhaustive; thanks to the integration of digital tools and platforms, anyone can create invoices in seconds. The rest is a matter of creativity. However, while technology has amplified the reach of fraud, human error is often the unintentional catalyst. Large businesses process thousands of invoices daily, and fraudsters rely on the likelihood that not all invoices will be subjected to rigorous examination. In some not-so-rare cases, internal employees can provide sensitive information or deliberately approve fraudulent invoices.
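Because fraudsters count on invoices not being examined, the first three types in the list above can be screened for automatically. The following is an added example, not code from this article or from any product it mentions: it checks each incoming invoice against approved purchase orders and a vendor master file. The record layout, identifiers, account strings and finding codes are all constructed assumptions.

```python
from dataclasses import dataclass
from decimal import Decimal
from typing import Optional

# Constructed sample records (illustrative assumptions, not real data).
# Approved purchase orders: PO number -> (vendor id, agreed amount).
PURCHASE_ORDERS = {
    "PO-1001": ("V-ACME", Decimal("1200.00")),
    "PO-1002": ("V-GLOBEX", Decimal("560.50")),
}
# Vendor master file: vendor id -> bank account confirmed out of band.
VENDOR_BANK = {
    "V-ACME": "XX00 TEST 0000 0001",
    "V-GLOBEX": "XX00 TEST 0000 0002",
}


@dataclass(frozen=True)
class Invoice:
    number: str
    vendor_id: str
    po_number: Optional[str]
    amount: Decimal
    bank_account: str


def _norm(account: str) -> str:
    """Compare accounts without spacing or case differences."""
    return "".join(account.split()).upper()


def check_invoice(inv: Invoice) -> list:
    """Return finding codes; an empty list means the invoice matched its records."""
    order = PURCHASE_ORDERS.get(inv.po_number or "")
    if order is None:
        # Nothing was ordered under this reference: the "fake invoice" case.
        return ["FAKE_NO_PURCHASE_ORDER"]
    po_vendor, agreed = order
    findings = []
    if inv.vendor_id != po_vendor:
        findings.append("FAKE_VENDOR_MISMATCH")
    known = VENDOR_BANK.get(inv.vendor_id)
    if known is None or _norm(inv.bank_account) != _norm(known):
        # Payment details changed in transit: the "altered invoice" case.
        findings.append("ALTERED_BANK_DETAILS")
    if inv.amount > agreed:
        # Amount exceeds what was agreed: the "overbilling" case.
        findings.append("OVERBILLED")
    return findings
```

An invoice with any finding should be held for manual review rather than paid; the impersonation case is not covered here because it depends on e-mail account controls rather than invoice data.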
But these practices are avoidable. By listening to the challenges and needs of finance professionals, Betaramps is building a simple, secure, and automated way for businesses to trade safely. With blockchain technology and AI, fraud from fake invoices is virtually nonexistent.
Learn more at Betaramps.com
Sources
https://informationsecuritybuzz.com/attackers-exploit-docusign-api/
https://lab.wallarm.com/attackers-abuse-docusign-api-to-send-authentic-looking-invoices-at-scale/