Fake Invoice Scams: Protect Your Business with Microsoft 365

The fake invoice scam has been impacting an unbelievable amount of businesses lately costing £000’s every day.

Every other day, another business is hit by this type of attack and loses money to cyber criminals. There are two common ways this happens. Either the attacker is impersonating one of your colleagues or a supplier, or your colleague’s or supplier’s email account has been compromised. When an email account is compromised, attackers often create a custom rule to forward emails from a certain sender to an external address so that the intended recipient never sees them. In both cases, the attacker usually requests that funds are transferred into a different bank account than normal. So, how do you combat this?

First and foremost, it comes down to business process. Whenever there is a request to transfer funds to a new bank account, the sender should verify the bank details by calling the recipient using a trusted number already on file. This simple but highly effective process could save UK businesses millions of pounds. If you are using Microsoft 365, there are also several technical measures that can help reduce the risk:

• Warn users of the external emails
• Create alerts when forwarding rules are created
• Enforce multi-factor authentication
• Enable anti-spoofing protection
• Educate your employees through regular security awareness training

These measures may sound basic, but a surprisingly large number of businesses still do not have them in place and continue to fall victim to invoice fraud and business email compromise.

It is also a very good idea to consider working towards Cyber Essentials Certification, which can help ensure you have essential security controls in place before an attack like this happens to your business.

We do not want this happening to your organisation. If you need any further support, guidance or advice, please get in touch.