Fraudsters hide behind fake invoices

Invoice Image copyright Eyewire

Computer malware hidden in fake invoices is being used to steal businesses' banking details, investigations have found.

Fraudsters email the invoices on text or spreadsheet documents to firms, claiming to be from a regular supplier or a trusted organisation.

Opening them triggers instructions which log the firm's financial data.

Anti-fraud group Financial Fraud Action UK said there had been a surge in this type of trick in recent weeks.

Protection techniques

The fraud operates because victims unwittingly enable a macro - a big block of code - on their computer system when they think they are opening the invoice.

It contains malicious software which logs online banking details and other financial information and sends them back to the fraudster.

This information is then used to raid the firm's bank account.

Experts have warned that con-artists are increasingly targeting businesses, rather than individuals. This is because they generally have larger amounts in their bank accounts and because individuals are becoming wiser to scams and phishing emails.

Firms are being urged to keep an eye out for unexpected invoices and not to open macros on documents that staff do not trust. Accounts departments might also consider keeping a separate computer specifically for making online payments.

Fraud prevention service Cifas recently reported that fraud hotspots were found in London, Leicester, Birmingham, Manchester, Leeds and Glasgow.

Among individuals, men were 1.7 times more likely than women to have their identities stolen, it found. Young adults were being increasingly targeted, but the typical ID fraud victim is still a man aged 46.

Related Internet links

The BBC is not responsible for the content of external Internet sites