The NHS Counter Fraud Authority (NHS CFA) previously provided guidance on fake supplier invoice fraud, where fictitious invoices for office supplies such as printer toners and printer drums were being received, mainly by GP surgeries.
As an update, the NHS CFA has now notified that a third party is using the Sage accounting platform to facilitate this fraud. The fake invoices continue to request payment for printer items and generic office and medical supplies. In addition to GP surgeries, dentists, opticians, and pharmacies are also being targeted.
Fraudsters have created bogus companies, registered an account on Sage and paid subscription fees to use Sage services. Once an account is created on Sage, the fraudsters then create a fictitious invoice for payment, typically below £1000.
The fake invoice is then sent through the Sage software to its intended target such as a GP practice, who receives the invoice via a Sage email to disguise the identity of the fraudster.
Prevention Advice from the NHS CFA
Reconciliation of invoice received against purchase orders, booking confirmations, and goods/services received. If no goods/services received, don’t pay.
Invoices should be scrutinised against information already held on a supplier on file before they are approved for payment. Red flags could include:
- Unfamiliar company names that are not listed as an approved supplier on the register.
- Unprofessional formatting or spelling/grammatical errors.
- Discrepancies with reference numbers and invoice numbers that do not match details held on file or an unusual invoicing amount.
- Urgency of request, financial penalties if invoice is not paid within a specific time frame, or threatening follow-up correspondence (sometimes purporting to be from a solicitor).
Verification checks on suppliers’ information such as trading name and logo, invoicing address, contact details and bank account information to ensure they match with supplier’s details held on file, and belong to a legitimate company.
Use the supplier’s contact information already held on file, do not contact the supplier from the information held on the invoice.
Implement an established multi-step approval process by separating duties amongst colleagues between requisitioning, ordering, checking receipt of goods and services, and authorising payment. This adds an extra layer of security and scrutiny to help prevent fraudulent invoices slipping through for payment.
Action Required
Contact your Anti-Crime Specialist immediately if you believe your organisation has received a fraudulent invoice.
For further discussion and support, including fraud awareness training, contact: Tony Hall, Senior Anti-Crime Manager, email: fraud@tiaa.co.uk