Businesses in Bahrain are being urged by a top expert to stay vigilant due to the rising number of fake invoice scams in the country and across the GCC.
LexisNexis Risk Solutions fraud and identity senior director Rob Woods warned that more scammers are impersonating vendors and service providers in order to con companies out of money.
LexisNexis is a global data and analytics company that provides technology services, predictive insights and fraud prevention tips for a wide range of industries.
Speaking to the GDN, he has warned companies in the region to double-check their invoices before paying out money. “Invoice fraud is a well-co-ordinated attack in which fraudsters impersonate a trusted vendor or partner and attempt to scam businesses into paying a fake invoice,” said Mr Woods. “They can also con companies into transferring money for a legitimate invoice to a fraudster-controlled account.
Mr Woods
“To achieve this, fraudsters might send fake invoices with bogus payment details, hack a company’s email account and intercept genuine email threads, or create a very close copy of their email address and send mail informing of bogus payment detail changes.
“Sometimes they may apply pressure to get a payment, but others might rely on hiding offending invoices amongst a big pile of genuine ones.”
Scammers are increasingly using social engineering tactics like urgency and impersonation to bypass standard verification procedures.
They gain access to a legitimate company’s email account or create a very similar-looking email address. They then intercept a real invoice and modify the banking details to their own, hoping the recipient pays without noticing the change.
Instead of aiming for direct payment, some fake invoices include an alarmist note or a fake customer service number to call. When the victim calls, the scammer attempts to extract sensitive personal or financial details.
Mr Woods stated that 41 per cent of cyberattacks against organisations in the Middle East manipulate people into giving out information or transferring money involving social engineering techniques, such as phishing emails or calls impersonating a legitimate bank.
“Bahrain is seeing a surge in scams as digital transactions increase and fraud tactics become more sophisticated and convincing than ever,” he said. “Fraudsters actively exploit weaknesses, tricking victims by impersonating a trusted party, convincing them to make payments, timing their attack at particularly busy times and using advanced technologies like deepfakes to bypass traditional security measures.”
He also highlighted the growing role of AI in such scams, which make it harder for companies to distinguish conmen from legitimate invoices.
“Gen AI tools are getting better at creating convincing fraud tools like fake invoices more quickly, which makes it easier for fraudsters to scale their operations,” he said. “Humans increasingly struggle to differentiate between authentic and fake images or documents.
“AI-powered technology designed to detect deepfakes provides the most effective solution against AI-generated fraud.
“This scam is also somewhat unique because it is hard to prevent using standard fraud tools and relies on human beings having the attention to detail to spot the red flags.”
In order to combat such scams, Mr Woods recommends companies and officials in Bahrain and the GCC regularly exchange information about such scammers and their techniques in order to raise awareness.
“Fraud rings are highly matrixed and network with one another,” he explained. “The best way to fight a fraud network is another network that shares risk insights.
“Fraud risk insights become more effective when regulators and law enforcement actively engage by sharing intelligence that leads to arrests and convictions. The more participants in this network for good, the better.
“Additionally, organisations of any size can join a global community of like-minded entities to share knowledge and combat fraud as a network. This kind of collaboration is essential for strengthening Bahrain’s financial ecosystem and protecting it from global threats, and is required to drive Bahrain’s Economic Vision 2030.”
Finally, he has also urged companies to do their part on an individual basis as well to ensure they avoid getting scammed due to complacency.
“Be meticulous about checking that a request is genuine,” he said. “Don’t rely solely on the contact or bank details shown on the invoice. Contact the person or organisation directly on a trusted number to confirm any account details. When making the payment, check if the name on the account matches the correct company or person.”
nader@gdnmedia.bh
&uuid=(email))