Falsified documents (Cybersecurity Awareness Month: Week 4)

28 October 2021

Thank you for following Cybersecurity Awareness Month! This is the final week, and we’re focusing on falsified documents. These can arrive in many forms, but increasingly false documents are being sent electronically via email.

Cybersecurity covers a wide scope. It’s important to be vigilant with everything you receive, including email attachments from what might be a legitimate source.

Always beware of any email attachments, and if in doubt do not open them. In the event that you do open an attachment you think is suspicious, and could contain malware or any other cyber threats, report it to your IT team immediately.

When you receive something that appears to have come from a genuine source, it’s worth giving it a close look over. Below is an example of why this is so important.

What errors can you spot in this false invoice?

Veritau’s fraud team has investigated many cases of Covid-19 grant fraud since the start of the pandemic. Many of these involve false claims for businesses that don’t really exist.

In one case, the invoice below was sent to a council client as evidence of trading. (Names and addresses have been changed for data protection reasons.)

Can you spot anything that doesn’t look right?

Falsified documents - Cybersecurity awareness month week 4 - false invoice document
(Click on the image to open a PDF version)


1. The logo appears to be from an online template, and no business name is there. The whole invoice generally lacks and branding (note the mixture of fonts and colours).

2. You can see where text boxes have been placed over something – there are patches of different colour on the shaded gradient parts, if you look closely (for example the date and both addresses).

3. The date format is different in two places – 05 May and 5TH May.

4. There are breaks in the text boxes where you can see something has been pasted over it, for example the date in the box and the subtotal.

5. Why is there no VAT to pay?

6. Who or what is Judie? And why is the company just called ‘Distributor’?

7. There are no details of where to pay the invoice (no bank details or purchase order) and no date for the invoice to be paid by.

8. The addresses provided on the original invoice do not exist, if you look on the internet for them.

9. If you were to examine the metadata of the original PDF file, it would show that the document was created in July 2021. But the invoice date is for 5 May 2021.

Falsified documents - Cybersecurity awareness month week 4 - false invoice with errors circled in red

(Click on the image to open a PDF version)

Messages to remember from Cybersecurity Awareness Month

Councils can suffer any type of cyberattack including whaling, ransomware, denial of service, phishing, hacking and so on. IBM’s 2020 report placed the average cost of a cyberattack at £2.87 million.

Cybercrime is becoming more prevalent, and the pandemic has only exacerbated the problem.

According to global data, 45% of employees see their organisation being at little or no risk of cybercrime, while 51% said that IT should be solely responsible for protecting their workplace from attacks.

Current password guidance from the National Cyber Security Centre (NCSC) recommends your passwords should be made up of three random words strung together.

Mandate fraud is a growing concern. This usually involves a fraudster posing as a creditor or supplier, requesting a change in bank details.

Always use previously established contact methods to verify the of a suspicious email source. If contact details have changed recently, double check against the company’s website or LinkedIn page.

Every employee has a responsibility to help prevent cybercrime.

To find out more about cybersecurity, visit the National Cyber Security Centre.

Recap Cybersecurity Awareness Month