The research found that only 50% of owners and managers would check the details of an emailed invoice when asked to make an online payment, leaving them at risk from scammers posing as legitimate payees.
Among those who said they would check the details, two fifths said they would be satisfied doing this simply by calling the number on the email with the invoice, leaving them equally vulnerable to sophisticated scammers who can impersonate legitimate payees over the phone.
Four in ten (39%) said they would agree to pay fees to accountants into a new bank account following an email request, without making any checks to establish whether the request was genuine.
Sue Douthwaite, managing director of Santander Business, said: "By not checking invoice details carefully before making an online payment, small businesses are leaving themselves dangerously exposed to fraud. It's very concerning to see large numbers of businesses are putting themselves at risk unnecessarily.
"The criminals behind these attacks are getting increasingly sophisticated. I would strongly urge business owners and managers to ensure they have robust controls in place to prevent fraud and are always on their guard. Before attempting any paymens, business should always double check the details directly with the company, and in cases of suspected fraud, contact the bank immediately."
Invoice fraud is one of the fastest-growing scams hitting UK businesses. In its most recent fraud update, UK Finance reports that invoice scams were the third most common type of Authorised Push Payment (APP) scam. Nearly £50 million was lost by victims as result of invoice scame in the first half of 2018, the majority from non-personal or business accounts.
In an invoice scam, the victim believes they are paying an invoice to a legitimate payee, but the scammer instead the victim to make the payment to their account. This type of fraud often involves email interception or compromise.
In an attempt to prevent invoice scams, Santander Business has provided the following advice:
- Be vigilant - check carefully when a supplier asks you to change their bank account details, name, address or the invoice
- Confirm all supplier payments with brand new or changed financial details using contact details already held on file or on a publicly available number.
- Check bank statements carefully. Report any suspicious transactions to the bank immediately
- Ensure your business has robust internal processes in place to protect you from fraud and scams, including those around changes of payee
- Think carefully about publicly available information on your business which could be used by a fraudster and put you at risk of fraud. This could be on your website or in your office/business location. Remove anything unnecessary.