Outsmarting rogue invoices and viruses
We have recently noticed quite a few blog posts and articles about companies receiving rogue e-invoices by email that contain viruses. e-Invoicing isn’t often lauded for its ability to protect organisations from virus attacks, but it can prevent major system upsets, and it is worth highlighting how.
First of all, attaching a PDF invoice to an email (whether it is signed or not) is not an e-invoice. If it relies on the same processes at the receiving end then it is simply a surrogate paper invoice. Notwithstanding my opinion, this is another way that hackers and general malcontents are using to entice us into their traps.
I’m sure that few people would now fall for an unsolicited email congratulating you on a huge win in a lottery you hadn’t entered or a sincere note from the widow of a wealthy aristocrat in an underdeveloped country who needs your help to get her millions out of the country. These tricks to facilitate a botnet, trojan or malware infection have been very common in the last few years.
Using common business channels as a way in is an interesting spin. Receiving an invoice as an attachment in an email, especially as a PDF, is now quite common, and if the email looks authentic, why would someone in Accounts Payable not open it? Many companies also use easy-to-guess email addresses such as [email protected] or [email protected], so there is a real risk that more businesses will be caught out unless sufficient protections are put in place.
There are basic lines of defence that should be a must for all organisations, such as blocking potentially dangerous attachments at your mail server, restricting what can be downloaded via a user’s browser, and running good-quality virus scanning tools at both the server and the desktop levels.
Of course, true e-Invoicing – where data is captured and shared directly with a customer’s finance system – provides a complete defence against viruses in fake emailed invoices, as an invoice goes straight into our network and not to the receiving party.
We do create PDFs, but only as supporting documents to the data that is automatically loaded into the Accounts Payable system. And as our PDFs are digitally signed and come from a reliable source, you know that they can be trusted.
So, while we can eliminate the worry of receiving rogue, infected invoices – in addition to giving you more accurate data, faster payment and happier suppliers – you still need to fend off the other nasty emails that may be heading your way.