Easily avoid the 6 most common types of invoice fraud using AI

Fake invoices, vendor impersonation, and cash skimming are just a few methods used by motivated criminals to steal money from large corporations. Here’s what to look out for to prevent your business from falling prey to invoice fraud schemes. Download this white paper and learn how AI can help you avoid the most common types of invoice fraud.

6 Most Common Types of Invoice Fraud

The average large company processes hundreds or even thousands of invoices every month. The sheer volume makes it impossible to closely examine each bill that comes through the door.

For those intent on deception, there are countless ways to exploit this vulnerability. Duplicate invoices, fake invoices, phishing schemes, vendor impersonation, unapplied discounts, cash skimming, cash lapping, shell companies... these are just a few of the methods used by motivated criminals to suck money out of large corporations, often without consequence. Both company outsiders and employees commit invoice fraud, and often the two groups work together.

How can your business prevent falling prey to invoice fraud schemes? Knowing exactly what to look out for is an important first step.

1. False and Duplicate Invoices

Duplicate invoices are a huge source of leakages for big businesses. Two percent of a typical corporation's A/P invoices may be duplicates, reports AuditNet. For a company with $75 million worth of invoices each year, that's a whopping $1.5 million annually. Not all duplicate invoices are fraud, of course, but sneaking duplicate invoices under the radar is a popular tactic for criminals on the inside and outside of organizations.

In one case, accountant Stephen Jones sneakily defrauded his employer, CPCCommodities, of more than $765,000 over a five-year period. According to court records, "At times, Stephen Jones transferred money to his account in amounts similar to direct deposits of his salary, though he had already been paid... Stephen Jones also transferred money to his account in amounts of payments due on duplicate invoices received from vendors." Ultimately Jones was sentenced to serve two years in prison and pay full restitution.

Fraudsters may submit outright fake invoices as well. An inside connection to the business makes it easier to get away with this blatant deception, but external parties often try to get away with the crime by submitting invoices for amounts low enough that they'll fly under the radar. Subscriptions, directory listings, compliance services, and paper are just a few of the more common "services" criminals cook up fake invoices for, according to the Office of the Attorney General in Minnesota.

2. Shell Companies

As an accounts payable clerk for Tigrent Inc., a provider of financial literacy tools, 34-year old Florida resident Junipher Sayers managed to steal more than a million dollars from her employer by submitting false invoices and diverting them to shell companies she had created explicitly for the purpose.

Sixty-four year old New Jersey resident Philip Charles de Gruchy defrauded his former employers, Toys "R" Us and Tumi Luggage, out of a combined $3 million by creating shell companies with his deceased ex-wife Barbara Brown. Their fake companies ("CEM Direct Marketing" and "BI Insights") billed for "marketing consulting work" that was either never delivered or was plagiarized from other firms' work.

Both of these schemes used shell companies — companies which exist only on paper and provide no services — to carry out their fraud. This type of asset misappropriation presents a huge risk for companies. In a study of 2,504 occupational fraud schemes (fraud perpetrated by company insiders) across 125 countries, the Association of Certified Fraud Examiners (ACFE) found that such asset misappropriation made up 86% of fraud cases in 2020. Overall, occupational fraud resulted in more than $3.6 billion in total losses.

3. Cash Skimming

Cash skimming refers to an employee stealing money from a business before that money has been recorded in the books. This type of fraud may seem minor — a few dollars pocketed here or there — but substantial, cumulative losses can occur.

In one example, the State of Washington Department of Transportation lost $118,000 as a result of a cash skimming scheme perpetrated by two ticket-takers in their ferry terminal. The ticket-takers collected cash fares but didn't record the transactions or provide customers with a receipt. In another cash skimming scheme, a county landfill lost $165,000 in one year from cashiers stealing customer service fees paid in cash.

4. Non-Delivery of Product or Service

A company orders a product, the vendor submits an invoice, and... the product is never delivered. That's what happened in the case of Detroit multi-millionaire and businessman Gary Tenaglia, whose firm was contracted to remove ice and snow at the Detroit Metro Airport. Tenaglia billed the airport for $1.5 million worth of specialty de-icing product called NAAC, but he never actually ordered the product. Instead, he pocketed the cash.

Tenaglia appears to have conspired with accomplices as part of a wider corruption scandal but 3-way matching — in which the invoice is cross-verified with the purchase order and the receipt — is often the best way to begin to identify false invoices and/or undelivered products.

5. CEO Fraud

No, this isn't CEOs stealing money from their own business (though that happens too). In this scheme, criminals impersonating company execs send emails authorizing urgent payments. Think: "We need to close this deal immediately, here are the wiring instructions." A third party follows up to confirm, the accountant wires the money and breathes a sigh of relief — the deal will go through.

Except of course, it's all a scam. According to the 2020 FBI Internet Crime Report, CEO fraud is a sophisticated form of "business email compromise," generating 19,369 reports and adjusted losses of over $1.8 billion in 2020 alone. These types of identity theft scams are evolving to capture and compromise other kinds of personal information, which is used to transfer stolen funds and sometimes convert to cryptocurrency.

In one case, German company Leoni AG, a large, publicly-traded manufacturing company, lost 40 million Euros ($44.6 million) in the blink of an eye after their CFO received a fraudulent payment request. The request was carefully crafted with the company's internal protocol for transfers in mind. The company stock dropped by nearly 7 percent following the incident.

Criminals may use malware to hack into executive email accounts, studying their patterns of speech, travel schedule, and business practices before sending out fraudulent requests. Or they'll use spoofed email addresses that look similar to a CEO's real address. The schemes can be quite sophisticated, and often specifically target companies that conduct extensive foreign transactions via wire transfer, since those payments are difficult to reverse.

6. Vendor Impersonation

Criminals may use spoofed emails to impersonate trusted vendors as well. Using a lookalike address (e.g., accounting@company.name.com instead of accounting@companyname.com), they might send an email saying they've changed ACH routing information or billing address, along with a fake invoice. Smart fraudsters will do their research: they'll use a company that you frequently do business with and figure out exactly which employee to target within your ranks.

Sometimes, the tone of the email might be a bit off, or a closer look at the email address might reveal the deception — but when your team is busy and unsuspecting, it's easy for something like this to slip under the radar.

In one example, an Arkansas woman impersonated Happy Egg Co., an organic egg supplier and emailed a customer of the company, Woodland Partners, stating that its bank account information had changed. The customer diverted payments to the new account and the fraud went undetected until Happy Egg Co. alerted Woodland Partners that it had fallen nearly a million dollars in debt.

Protecting Against Fraud

Invoice fraud is an insidious problem for large companies. Threats can come in all forms and from a wide variety of people — employees, vendors, hackers, and others. With millions of invoices coming in each year, audit teams are often too buried in their day-to-day responsibilities to proactively think about preventing fraud. Furthermore, auditors rarely have investigative mindsets, and a traditional financial statement audit is simply not designed to detect fraud.

But protecting against fraud is crucial for the bottom line. Below are some of the most common methods for protecting against occupational fraud, according to the Association of Certified Fraud Examiners: