Invoicing Scams Targeting Medical Practices

December 3, 2013

How the burgeoning industry of invoicing scams is affecting physicians - and what you can do.

Continuing the theme of our last few pieces on holiday scams this week we take a look at the burgeoning industry of invoicing scams, that is, billing people for goods and services they never received, didn't order, or don't need. As with many of the other forms of fraud we've covered they peak at year-end when criminals know you and your office are busy and working with limited time.

How Bad is It?

It's bad. By some reports this form of fraud costs medical practices, businesses, and individuals like you billions of dollars a year for goods and services they never get. The scammers are sophisticated, often mimic known, real organizations in their names and presentation, and use scary language that makes you believe you will be subject to fines, penalties, collections, and even legal actions if you don't send them a check. They often send mailings out in large numbers, covering whole states and regions. The biggest ones even have corresponding websites and call centers that will follow up, bill, and collect from your accounting department.

What Are the Common Scam Bills They Send Out?

Everything under the sun. Common examples include goods and services like light bulbs, cleaning, maintenance, fines, and other recurring expenses your business may naturally incur. Given the large number of changes in taxes, labor laws, and health-insurance compliance issues for your staff under the Affordable Care Act, aka Obamacare, scammers are also targeting employers with false compliance and violation scare notices. A prime example is a notice a client of mine recently received from a "LABOR STANDARDS" organization in Phoenix. The invoice is conspicuously marked FINAL NOTICE in big red letters and says in bold, "Failure to comply with 2013 labor law requirements may lead to government fines and/or  audits" and demands a "fee" of $295 and states "NOW DUE." Careful reading reveals that it is not a bill, but a solicitation that (in my opinion) intentionally looks exactly like a bill for which they'll send you some posters that you are not required to buy by law. The state's attorney general issued a warning about this company specifically after the notice came to my attention. The law requires that the disclaimers be as large as the largest typeface used in the letter but they usually aren't, so read carefully.

What are the risks?

Aside from the obvious, paying for something you don't want, need, or never saw, the scammers now have either a credit card number and all required identifying details or your checking account number. While not all of those involved in invoicing scams further misuse that information, many do and the first payment may be just the beginning of a long trail of fraud and identity theft. The end of the year is a great time to check your credit as well and immediately and formally dispute any unauthorized accounts and charges.

Red Flags to Watch Out For

• Invoices from unfamiliar vendors

 Billing from out of state or out of the U.S. for services rendered locally

• Poorly constructed websites with navigation and spelling errors

• Account numbers that are different from your usual ones, even with vendors you actually use

• Lack of verifiable contact info and phone numbers

• Unusual amounts

• Duplicate bills and invoice numbers

• P.O. Box return addresses

• Homemade invoices or photocopies without supporting documents

Breaking News

I redacted some additional detail to warn you about something else that came to my attention while I was writing this piece, a new virus that locks you out of your own computer and demands bit coins or other untraceable forms of online payment as extortion for releasing your files. In many cases, even after you've paid, they hold your files hostage and make you pay more. According to reports, the scam often starts when you open an attachment to an e-mail that pretends to be a UPS or FedEx tracking notice. It's easy to get people to click on at a time of year when you are sending and expecting many packages, including your own online shopping. Be wary and don't open attachments; real organizations rarely send them and your antivirus is not 100 percent effective against such malicious software.