Invoice Fraud

Fraudulent invoices delivered by attackers have resulted in some of the largest financial losses from BEC. With thousands of vendors and thousands more invoices to manage, it becomes easy for attackers to get lost and fraudulent invoices to be paid time and again.

Attack Breakdown

The framework that attackers use when launching email attacks starts with the Pretext. Attackers will impersonate a Brand, Internal Employee or a trusted External Partner/Vendor. In the case of an Invoice Fraud, the attackers will impersonate a vendor using a variety of methods. The email will commonly deliver the false invoice as an attachment, bypassing analysis due to lack of any traditional threat signals such as malware.

How Abnormal Stops Invoice Fraud (BEC)

Abnormal Behavior Technology (ABX) is Abnormal Security’s unique triangulation of Identity, Relationship and Content. Any single analysis may not lead to a high confidence decision, but ABX’s combination of the three pillars results in high precision and accurate identification of targeted email attacks.

  1. 01

    Abnormal Identity Model

    Abnormal builds external entity profiles with dozens of attributes. Financial requests from entities that have not regularly had a cadence of invoicing are suspicious.

  2. 02

    Abnormal Relationship Graph

    Profiling of prior communications shows no prior observed relationship between sender and recipient.

  3. 03

    Abnormal Content Analysis

    Computer vision techniques analyze the attachment. Prior references to the vendor in the invoice are checked, in addition to the bank name and routing information. Natural Language Processing algorithms analyze the email content for Topic and Sentiment.