CYBER LIABILITY: Invoice (Manipulation) Fraud Coverage


What is more important to a business than invoices?

What would happen if a cyber attacker manipulated invoices to steal a business’ expected payments?


Many businesses amend their cyber insurance to include invoice manipulation coverage to protect against this type of attack.


For example, attackers infiltrate an organization’s network and use a corporate email account to send clients fraudulent invoices designed to redirect payments into the attackers’ bank accounts. Manipulated invoices replace the real account and routing number with the attacker’s. Since the invoice sender appears legitimate, the forged document raises no red flags until the payment fails to arrive in the legitimate account.


Most examples of invoice manipulation involve corporate email accounts that have been hacked into through theft, purchase, or forced logins into the accounting system. The attackers monitor the account for invoicing activity, then send clients an email requesting payment to a new bank account or goods to a new shipping address. Often, this message contains a copy of the original invoice with the added details inserted, making it seem like a minor administrative change rather than blatant theft.


In extreme cases, the entire invoice is fake. Lastly, the client signs off on the transaction, while the attacker can delete these messages and other indicators that theft has occurred since access was granted.


Even if the cyber liability policy includes social engineering coverage, which covers fraudulent payments authorized by the policyholder’s own employees, invoice manipulation is the inverse: the client authorizes the fraudulent payment. The client is not liable, though, since the invoice compelling that payment came from the insured’s own email servers. Hence, a coverage gap.


Invoice Fraud coverage fills this gap, so that the insured has a way to recoup the losses if payments do not arrive due to invoice fraud. That, in turn, leads to enhanced risk management, better business continuity, enhanced customer trust, and improved brand reputation.  Without this coverage, the missing payment and client are gone for good.


Robust security controls can protect both inboxes and invoices, which can lower (or eliminate) the risk of invoice manipulation:

  • Email Security: Select a top-performing email solution and implement strong security controls, i.e., an employee password policy and MFA, to ensure that only one person can access the inbox.
  • Employee Education: Offer regular training on the warning signs of invoice manipulation so that employees are aware of the risks.
  • Strengthening Internal Controls: Require dual verification before changing ACH payment details, which makes it harder for scams to succeed as planned.
  • Invoice Scanning and Validation Tools: These can automatically scan and validate invoices to expose any manipulations in the numbers.
  • Data Analytics for Anomaly Detection: These monitor email and accounting activity for signs of anything unusual.

Invoice Fraud coverage is a “must have,” so it’s important to find a cyber carrier that includes coverage.  Founders Professional represents many carrier partners that include invoice manipulation/fraud coverage as part of their cyber insurance program to help businesses meet cyber risk head on.


About the Author

Chris Votta is a Senior Vice President Professional, Executive, & Cyber Liability Practice Leader with Founders Professional. Chris can be reached at [email protected].