The Accounts Payable function is heavily exposed to invoice fraud. AP teams deal with high invoice volumes and vendor queries and often don’t have the capacity to be vigilant while maintaining efficiency.
A survey conducted by Medius found US and UK finance teams have seen at least 13 invoice fraud attempts a month in 2024. The average loss from these attempts equals $133,000 in the US and £104,000 in the UK.
Fraudsters use methods like malicious AI that are hard to spot and can exploit businesses at scale. The risk isn't just external. Internal fraud is as big a threat as employees find new loopholes to manipulate invoices and systems. It’s more important than ever to have the right AP controls in place to protect your business and cashflow. For many organisations, this includes looking beyond standard ERP controls to manage fraud attempts and better safeguard their function.
This article looks at key cases of internal and external invoice fraud from recent years and offers a solution. With Xelix, you can proactively prevent invoice fraud and phishing attempts like these and safeguard your Accounts Payable function from big losses.
The worst invoice fraud cases in 2023/2024
National Trust defrauded out of £1m - UK
Ex-employee Roger Bryant was convicted for authorising 148 fake invoices from his sons, James and Scott, who were posing as vendors. An audit of procurement activities found no evidence of any work tied to these payments, the first of which was in 2013. Bryant attempted to cover it up by hiding Trust documents and asking witnesses to lie.
Falsifying company invoices - Poland
An employee of a petrol station operating company created false VAT invoices by exploiting his access to company documentation. The fraudster then sold these invoices to other businesses so they could claim input VAT without making the corresponding payments.
The tax authority tried to recover the VAT when they uncovered the scam but held the petrol company responsible for any amount they couldn’t.
Fraudster duo jailed for faking supplier invoices over £1m - UK
A US law firm’s facilities manager and company director defrauded over £1 million through fake invoices. The pair sent invoices to suppliers using personal emails and phone numbers to hide their activities and created fake companies with different directors. Using these dummy companies, they submitted invoices for work that was never carried out and defrauded the firm for years.
The firm’s UK finance team raised some suspicion, prompted an audit and discovered all their fraudulent activity.
The worst invoice fraud cases in 2021/2022
Employee approves over $1.8m to personal bank accounts - B.C. Canada
An employee of a nonprofit organisation defrauded her company out of a $1.8m by diverting payments to her personal bank account. Leveraging her role as bookkeeper, she submitted multiple false invoices through Accounts Payable and signed them off without any further checks. According to court filings, the employee used these funds for personal purchases such as properties, cars and investment accounts.
Phishing scam costs local government $1.2m - Florida, US
The City of Fort Lauderdale mistakenly paid a $1.2m fraudulent invoice. The fraudster impersonated a local contractor building the city’s new police department. The paperwork appeared authentic because it matched past requests from the company. The scammer had access to the company’s information, files and existing processes.
The fraudster submitted a payment request with a blank check, and the City’s AP department authorised the payment via wire transfer.
The worst invoice fraud cases in 2019/2020
In 2019, UK Finance issued data that indicated 26% of large businesses have fallen victim to invoice fraud, despite 84% not fully understanding what invoice fraud actually means. With the ever-growing sophistication of fraudsters, finance teams need to look beyond their ERP to fully safeguard their business.
Conviction of Evaldas Rimasauskas - NYC, US
Using imitation email addresses, Lituanian national Evaldas Rimasauskas successfully defrauded US tech giants Facebook and Google out of a total $122 Million Dollars. Rimasauskas did this by sending fake invoices that were disguised as coming from a common supplier, Quanta Computer Inc, based in Thailand. This demonstrates that even the largest corporations can be conned by a committed fraudster.
Former city official steals $74,000 - New Jersey, US
James Colucci, the former Assistant Director of a municipal office in New Jersey, was charged on three accounts of theft by deception for fraudulently invoicing the city more than $74,000. His crimes are alleged to have taken place between December 2017 and February 2019, where he used the names of two fake companies and a false name to file the documents. It is said that the average fraud case runs for two years before detected.
A-1 Janitorial - US and Canada
In December 2019, the US Federal Trade Commission (FTC) mailed more than 30,000 cheques averaging $86 to refund victims of an invoice fraud scheme from A-1 Janitorial. The firm had offered businesses across the US and Canada a free sample of a cleaning product, then billed those companies for the full cost. The invoices they sent would call out an employee by name, increasing the likelihood the recipient would pay. Any companies that did pay were then sent more unordered products, followed by additional invoices.
Jennifer LaBarge and Polar Rig Specialties - New Caney
In Texas, a woman stole more than $800,000 from family-owned rig enterprise, Polar Rig Specialties. In the scheme that went on for several years, in which she had gained her employer’s complete trust, LaBarge used the company’s QuickBooks Account to pay auto loans, credit card bills and other personal expenses, changing the details to make it look like standard vendor payments. The actions of this lone employee damaged the entire company’s reputation and lost the business a total sum of nearly $1 million.
Naked Security - New York, US
Cyber Security publication “Naked Security” fell victim to invoice fraud that ran for a period of four years. A former IT executive established a fake shell company and used it to pose as a legitimate supplier. This enabled him to generate fraudulent invoices and process payments to his own bank account. The company eventually caught the employee out by tracing metadata in Microsoft Word documents, by which time the fraud had amounted to a cool $6 million.
What to look out for in the future
Invoice fraud isn't going anywhere. As the world continues to learn more about the capabilities of AI, scammers will uncover new tactics to trick AP teams into innocent mistakes.
Here are just a few trends to look out for:
Rise in deepfake technology
Deepfake audio and video tools may be used to impersonate executives or a legitimate vendor, making fraudulent invoice attempts more convincing.
Sophisticated phishing attacks
Fraudsters will use advanced phishing schemes, including spear-phishing and business email compromise (BEC scams), to target employees in finance departments. These attacks can often result in fake invoices being approved.
To mitigate Accounts Payable invoice fraud in the future, finance teams should look to:
- Regularly audit Accounts Payable processes to prevent and spot internal fraud
- Use the right technology to move from a reactive to a proactive approach for invoice fraud prevention
- Upskill employees on how to spot invoice fraud
- Strengthen relationships with suppliers for invoice verification
- Stay updated on emerging invoice fraud trends and regulatory requirements
