Skip to main content
For Legal Professionals
Find a Lawyer
Please enter a legal issue and/or a location
Begin typing to search, use arrow keys to navigate, use enter to select

Find a Lawyer

More Options

Fake Invoice Scam Got Facebook and Google for $120M

By George Khoury, Esq. on April 01, 2019 | Last updated on April 05, 2019

As the fraudsters and the methods they employ become more and more sophisticated, in house and general counsel need to be more attuned to the risks these sophisticated fraudsters present.

Recently, it has been reported that one major scammer was arrested and pleaded guilty to wire fraud after getting paid for over $120 million in fake invoices sent to Google and Facebook. And if you think that your company couldn’t be next, you might want to read up on how the scheme worked to ensure the proper safeguards are in place.

The Business Email Compromise

Last year, the FBI’s Internet Crime Complaint Center warned businesses that these types of crimes are on the rise. In short, the scammers impersonate legitimate businesses, then send out invoices to companies seeking payments for services the company being impersonated may or may not have actually done.

In the recently reported case, the fraudster went as far as to create fake contracts, letters, and more, to substantiate the invoices he sent. And these days, with how simple technology makes document creation, forgeries can be rather convincing. So if your account managers aren’t trained to identify and shut these scams down, you may be at risk.

Tips to Protect Against the Business Email Compromise

First and foremost, it may be impossible to protect against the scammers impersonating your company, which might be the scariest part of all of this. If you discover that your company is being impersonated, contacting the authorities and taking actions to mitigate your damages should be the top priorities.

But, on the other end of the scam, there are a few things you can do to protect your business from paying out fake invoices, apart from the routine cyber-security best practices

  • Track all expected invoices, and thoroughly investigate all unexpected ones.
  • If a vendor requests a change in the way they are paid, investigate thoroughly and verify before paying.
  • Require secondary authorization, or multi-factor authentication, for fund transfers, including phone verification using known good numbers (and not the phone numbers in the emails requesting payment, or on the invoices).

Related Resources:

You Don’t Have To Solve This on Your Own – Get a Lawyer’s Help

Meeting with a lawyer can help you understand your options and how to best protect your rights. Visit our attorney directory to find a lawyer near you who can help.

Or contact an attorney near you:
Copied to clipboard