Understanding Invoice Manipulation in Cyber Insurance

What’s more important to a business than invoices? They ensure that revenue arrives in full and on time, which in turn keeps cash flowing and operations moving. But what would happen if an attacker manipulated invoices to steal a business’ expected payments? It’s not as uncommon as it seems. In fact, many businesses amend their cyber insurance to include invoice manipulation coverage in order to protect against this type of attack.

What is Invoice Manipulation?

Invoice manipulation is when attackers infiltrate an organization’s network and use a corporate email account to send clients fraudulent invoices designed to redirect payments into the attacker’s bank accounts. Manipulated invoices will, for example, replace the real account and routing number with the attacker’s. But since the invoice sender appears legitimate, the forged document raises no red flags until the payment fails to arrive in the legitimate account.

Invoice Manipulation Examples

Most examples of invoice manipulation follow the same playbook:

1. Gain Account Access: Scammers will access a corporate email account by stealing, buying, or brute-forcing login credentials. They might alternately or additionally break into the corporate accounting system. They can then enter and hide in these systems without being noticed.
2. Monitor Invoicing Activity: Attackers will monitor when, how, and to whom the email account sends invoices, gathering intel about how the process works so they don’t arouse suspicion when they start manipulating invoices.
3. Manipulate Invoices: Clients receive an email asking them to send payments to a new bank account or goods to a new shipping address. Often, this message contains a copy of the original invoice with the new details inserted, making it seem like this is a minor administrative change rather than blatant theft. In extreme cases, the entire invoice is fake.
4. Cover Tracks: Getting the client to sign off on the account/address change may involve some back-and-forth communication. Since the scammer has access to the email account, they can delete these messages and other indicators that theft has occurred.

Why Invoice Manipulation Coverage is Important in Cyber Insurance

How serious is the problem of invoice manipulation? A 2022 survey asked 2,750 organizations how often they encounter invoice fraud, revealing 34,000 cases in just a 12-month period. When the fraud worked, the damages were substantial: middle-market companies lost $280,000 to invoice fraud on average.

Evidence also suggests the problem is getting worse. One report from 2022 indicates that losses from invoice fraud rose 13% over the prior year. This type of fraud caused more losses than any other form of fraud over a three-month period studied by researchers, and it accounted for 55% of all the funds that small businesses lost to scammers.

Invoice manipulation is clearly cause for concern — but doesn’t existing insurance coverage address this risk already? Probably not.

Most cyber liability policies, even those with a social engineering amendment, cover fraudulent payments authorized by the policyholder’s own employees. Invoice manipulation is an example of the inverse: the client authorizes the fraudulent payment. The client isn’t liable, though, since the invoice compelling that payment came from the insured’s own email servers.

Therefore, invoice manipulation falls into a common coverage gap. 

Invoice manipulation coverage added to your cyber insurance policy fills this gap so that the insured has a way to recoup the losses if payments don’t arrive due to this type of fraud. That, in turn, leads to enhanced risk management, better business continuity, enhanced customer trust, and a more favorable brand reputation.

Without this coverage, the missing payment is gone for good — and possibly the client along with it. 

How to Prevent Invoice Manipulation

Even companies with strict controls in place fall prey to invoice manipulation. Amazon, for instance, paid $19 million in invoices for goods it never purchased. Nonetheless, strict controls to protect both inboxes and invoices can lower (if never fully eliminate) the risk of invoice manipulation:

• Email Security: Make sure to select a top-performing email solution and implement strong security controls. Implement an employee password policy and require multi-factor authentication (MFA) to ensure that only one person has access to an inbox. 
• Employee Education: Offer regular training about the risks and warning signs of invoice manipulation so that employees keep this risk on their radar.
• Strengthening Internal Controls: Require things like dual verification before changing ACH payment details that make it harder for scams to succeed as planned.
• Invoice Scanning and Validation Tools: Rely on tools that can automatically scan and validate invoices to expose any manipulations in the numbers.
• Data Analytics for Anomaly Detection: Deploy analytics tools that monitor email and accounting activity for signs of anything unusual. 

Get Coverage for Invoice Manipulation from At-Bay

Far more businesses need invoice manipulation coverage than currently have it. That’s why it’s crucial to find an insurance provider that offers this type of coverage.

As the world’s first InsurSec provider, At-Bay combines world-class technology with industry-leading insurance and security expertise to help businesses thrive in the digital age. We offer invoice manipulation coverage as part of a comprehensive Cyber insurance program to help businesses meet cyber risk head on.

Read about our expansive Cyber insurance offerings →