This is an interesting article from today’s NY Times about an individual who pled guilty to taking tens of millions of dollars from Facebook and Google by sending them fake invoices that appeared to be from a legitimate vendor. This is a similar story to the one I posted recently about diverting employees’ direct deposit.
The principle is the same and pretty simple:
- Requests for payment need to be verified.
- In this case, invoices should be associated with a work product (for example, whoever is in your company working with the vendor should review and approve the invoice).
- Never change payment instructions based on a document that was pushed to you without thorough checking.
Not sure how to handle this? Take a look at my book on Policies and Procedures.