“The money’s the same, whether you earn it or scam it.” Bobby Heenan
Invoices can be a costly matter and not always in the usual sense.
Cybercriminals believe that you would have a hard time spotting fake bills, which is why they’re increasingly using them as part of their cyberattack repertoire.
Let’s look at the following example of how a scammer duped a woman into paying over $75,000.
One customer in Perth was reportedly sent an email by Tesla with an invoice for around $75,000 to purchase a Tesla Model 3.
That invoice was then intercepted by hackers, and the bank details changed.
The customer unknowingly paid the money to a fraudulent bank account listed on the invoice. The same happened to another customer in Sydney last December 2020.
Tesla customers are not the only victims. Invoice scamming is becoming more common.
Here is an example of how Google and Facebook were milked out of $100 million in fake invoices.
A Lithuanian man and his associates found a bold way to steal from Facebook and Google – They asked for money via email.
More specifically, they sent fraudulent invoices to the California-based tech giants.
The invoices were good enough to persuade Google, which Alphabet owns, and Facebook to wire a total of more than $100 million for them from 2013 to 2015.
Cybercriminals understand the power of “brands” and will take advantage of well-known vendors since they provide credibility, authority and trustworthiness.
For example, many Apple users received fake iTunes bills for purchases they didn’t make.
Cybercriminals duplicated an authentic Apple email and placed their company’s logo on the invoice, making it difficult to determine whether it was legitimate or fake.
These scams are often so successful because they feature common items.
Products such as computer supplies are mentioned on the bill, a product so ubiquitous in many people’s budgets that it causes the recipient to automatically proceed with the payment.
Also, fraudsters conduct thorough research to make sure they’re sending the fake invoice to the right person, that is, someone who has the authority to pay but who’s unlikely to verify the purchases.
How Do These Attacks Work?
Many versions of the invoice scam have been reported, but the general con remains the same.