PAYMENT FRAUD
The email scam that hijacks invoices
WHAT IS PAYMENT FRAUD?
Payment Fraud when conducted through email is where a cybercriminal poses as a known organization, usually a supplier, and requests a payment. These scams are also known as Invoice or Wire Fraud and are often the last part in a multi-stage attack, where the senders mailbox was initially compromised after a successful credential theft. Once they’ve gained access to the mailbox, the attacker follows a process of silently monitoring the compromised account to observe organizational structure and payment processes, before intercepting the conversation as an invoice is about to be paid, providing fraudulent bank details.
Average Loss of €14k
Up to 100 Irish businesses in 2022 were conned out of an average of €14,000 due to invoice fraud - totaling approx. €1.4million.
467,361 complaints in 2019
467,361 complaints in 2019, an average of nearly 1,300 every day - recording more than $3.5 billion in losses.
(source: FBI)
UK: £92.7M Lost Each Year
Invoice and payment fraud scams cost organizations in the United Kingdom £92.7 million each year (2019).
(source: UK Finance)
WHAT DOES PAYMENT FRAUD
LOOK LIKE?
Invoice or payment fraud often look almost identical to legitimate emails and can be exceptionally difficult for email filters and recipients to tell them apart.
Compromised Mailbox
The attacker has compromised a mailbox belonging to a member of the finance team of a known supplier. With full access to their mailbox, the attacker can learn what type of language they use, what services they invoice for, and what customers they can target.
No Malicious Content
The absence of any malicious content renders AV engines and sandboxes obsolete.
Regular Language
The attacker can copy and paste language used in previous genuine emails, changing only the bank account numbers.
HOW DOES MESH PROTECT
AGAINST PAYMENT FRAUD?
Mesh applies over 250 unique filters to every single email it processes, protecting against the full spectrum of email attacks. Combining machine learning, predictive threat intelligence and advanced content analysis, Mesh identifies indicators of compromise, fraud, impersonation, phishing, malicious content, spam, and unsolicited marketing emails, keeping organizations and their people safe. Businesses should also have their own policies in place to confirm payments in via a secondary communication channel.
Financial Fraud Prevention
Mesh analyzes email content and language for indicators of financial fraud. Implicit or explicit requests for payment, inclusion of banking information like IBAN or Account numbers, are scrutinized for authenticity.
Contextual Banners
Informed employees are safer employees. Banners can be applied to emails warning of danger or advising caution, empowering employees to safely navigate their inbox. Banners are customizable.
Sender Relationship Analysis
Mesh leverages intelligence generated from an employee’s regular email activity - including who they receive email from, the time of day, distance from the sender, and other characteristics, enabling easier of detection anomalous traffic.
Its ability to detect emails specifically targeting high-risk individuals is incredibly reassuring
Mesh has significantly reduced the amount of email-related tickets we receive. The ability to manage everything centrally from partner level makes our job so much easier - we can make changes for all clients in one go. Onboarding was quick and painless, both our engineers and end-users took to it straight away.”
Jason Gilmer
Network Admin at Reading Bakery Systems
Ready to get started?
Make your customers safer and
your MSP more efficient.
MSP Success Stories
Discover how your MSP peers have made their MSPs more efficient and profitable, while delivering better email security to their customers.
Mesh is not for everyone
We’re developing the only email security platform built exclusively for MSPs, but nobody is perfect and Mesh is not for every team.