back to article Fake invoice scammers slurp $5bn+ from corp beancounters – FBI

The FBI reckons scammers netted more than $5bn in four years by emailing fake invoices and similar bogus claims to beancounters, tricking them into handing over company cash. This so-called business email compromise crime (aka BEC, or sometimes "whaling") involves thieves sending convincing-looking invoices to staff while …

  1. Herby

    Yes, it is illegal...

    But the federalies do little to stop it.

    IRS scammers: Haven't seen them do perp walks.

    Ransom ware: Sieze the proceeds? Nope!

    Fake Microsoft service: Kill off the 800 (toll free) number? Not a chance?

    Spam: Nope!

    Yes there is lots of money lost, but is any jail time handed out? Very little (if at all!).

    And we all deal with it every day!

    1. Anonymous Coward
      Anonymous Coward

      Re: Yes, it is illegal...

      But, is it really illegal?

      Let's say you didn't break into my account/email, you just fired off a random invoice to me for something you didn't provide. Let's say I pay it, what was illegal? Better yet, say I call you out on that fictional something, yet you still insist on the charge. What was illegal?

      AT&T has for years charged for a something (a modem) they have never provided.

      So MegaCorp gets a pass, but Joe Blow doesn't? You know it's not fair and highly unethical, but maybe it's just not illegal.

      1. DavCrav

        Re: Yes, it is illegal...

        "you just fired off a random invoice to me for something you didn't provide. Let's say I pay it, what was illegal?"

        I think you need to look up the definition of the word 'fraud'. Don't know about the US, but in the UK it is definitely illegal. It used to be called 'obtaining money by deception', but now it is rolled into general fraud.

        1. Yet Another Anonymous coward Silver badge

          Re: Yes, it is illegal...

          'obtaining money by deception' also known as software license small print

        2. kain preacher

          Re: Yes, it is illegal...

          In the US it would be wire fraud and theft by deception.

      2. Gordon Pryra

        Re: Yes, it is illegal...


        It is not illegal to bill someone.

        Even if its not for anything.

        I have the same issues with Virgin media, charging me for a land line subscription for the last 4 years, yet not actually having the phone line physically connected into my phone socket at the house.

        Turns out that it wasn't not illegal for them to bill me, the onus was on me to not pay the invoice.

        But If you pretend to be someone else when asking for the cash, then I its fraud.

        1. Anonymous Coward
          Anonymous Coward

          Re: It is not illegal to bill someone even if its not for anything.

          Tell me about it. I got a very sinister letter from a collections company (let's call them Explorian) saying that I didn't pay a electricity bill that was due four years ago. I had the receipts but it was not proof enough, I had to get an appointment with (dun dun dun) the collections company to plead my case otherwise they would include my name on the Deadbeat Losers Records and try to get credit for anything then muhahaha.

          I went to the office of the energy company, who told me that all was OK and I wasn't in debt and they had no idea where Explorian got that information but maybe I was days late in the payment of that bill (when it was due) and they got that record but we were OK, we were cool.

          So I got my appointment with Explorian. The person that talked to me told me that it was a mistake, haha, sorry for you wasting your time. I asked 1) why did I had to go to their office instead of calling, 2) why did they decide to act on a bill that was paid for, and four years old; 3) how could I be sure that that "obvious misunderstanding" wasn't going to happen again. She told me that I had to get another appointment, in a month or so, with a supervisor, to file a complaint. I decided not to.

          I had more simple, honest, straightforward business transactions while buying pot for my cat.

        2. Just Enough

          Re: Yes, it is illegal...

          "It is not illegal to bill someone."

          Sure, it's not illegal to bill someone for nothing, as long as that's what the invoice says. Although good luck arguing that one in court. "Yes, your honour, I did bill them £1000 for 16 imaginary cases of nothing that they did not order. But it's that's my legitimate business."

          It is, however, illegal to bill someone for a service or product that you know you did not provide. That's simple fraud, i.e. lying, obtaining financial remuneration through deception.

          Mistakenly billing someone for something you didn't provide is a different matter.

    2. Anonymous Coward
      Anonymous Coward

      Re: Yes, it is illegal...

      Nope, white colllar crime isn't regarded as such, clearly. Only low level, minor crimes, particularly committed by peoples of African origin are worth pursuing. Not too much hard work for your average everyday, white, doughnut muncher.

  2. Christoph

    "submits a fake invoice to a firm from someone posing as a contractor or business partner. "

    That's what order numbers are for. If your invoice doesn't show an order number and have details matching the corresponding order, it gets sent upstairs for detailed checking before any payment.

    1. Richard 12 Silver badge

      Order numbers tend to be guessable

      And supplier details are public knowledge.

      The other one to watch for is "We've changed our bank account details". That should be an immediate red flag demanding an instant out-of-band confirmation.

      I rather suspect this is something where a sub-0.1% hit rate still nets the scammers a lot of money, so it doesn't take many tired account controller screwups.

    2. Anonymous Blowhard

      "That's what order numbers are for"

      Not quite, you should also have a process for validating that what was ordered got delivered.

      For physical items it's a GRN (Goods Received Notification) that is matched against the order when items arrive at your business.

      For services you need an equivalent SRN (Service Received Notification) process whereby someone validates that the service has been received (usually the person that ordered or requested the service).

      Then you only pay against the GRN/SRN (what was delivered) not necessarily what was ordered (these systems also restrict over-receipt to prevent scams whereby suppliers inflate their business by delivering more than was ordered).

      These elements are typically part of the integrated purchasing and accounts modules for an ERP system, and the process should also prevent duplicate invoicing (either by the original supplier or by a third-party scammer).

      It isn't rocket science, we were implementing these things in the 90s...

  3. Paratrooping Parrot

    FBI is following the scams

    However, they do nothing about it. I guess they will do something about one scam if it affects a major politician or a famous person. Since it's the normal guys they can't be bothered. $5,302,890,448 in three years is not a small amount for the ordinary folks. Yet, they are happy to do everything to help the film and music industries to reap extortionate money from the ordinary folks sharing videos and music.

    This is going to get worse.

  4. Anonymous Coward
    Anonymous Coward

    There was a "future shocks" story in 2000AD that was about a similar scam. The main character in the story was charging big companies for "invoicing".

    1. John G Imrie

      It was a Judge Dredd story

      The main character was charging the companies for the time spent in drawing up the invoice. Being as the main character had obviously spent that time in drawing up the invoice Dredd was at a loss as to what, if any, law they had broken.

  5. F111F

    They claim pay, too...

    My company (of 45-50 people) was sued for back pay from wrongful termination by an individual who never worked for the company, in a state we'd never worked in. We went to court with the documents to prove our company had never employed anyone by that name. It's happened before to us and turns out it's a fairly common scam. Whenever the company doesn't settle, the claimant just says: "It was an honest mistake, I mixed up (whatever)." The judge dismisses the case and it's too expensive to pursue charges (prosecutors are not interested in such small fry).

  6. HAL-9000


    Don't you just love bean counters :P,

    perhaps they were taking a cut, just speculating.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022