Companies that send invoices via links in emails

Forums › Off topic › Companies that send invoices via links in emails

mattwnz

20515 posts

Uber Geek
+1 received by user: 4795

#243429 11-Dec-2018 14:02

I had an email from a company which was an invoice. In the email it said 'click here to view the invoice'. Although I do use services of the company, the domain sending the email wasn't the companies domain. I think it is a legit invoice, but it could easily not be. Scammers send similar emails, I've got several similar emails which probably link to malware. Is there any best practice for comapnies sending invoices. eg should the email itself contain the invoice, so you don't have to click on anything. Or should it be sent as a PDF

Zeon

3926 posts

Uber Geek
+1 received by user: 759

Trusted

#2143352 11-Dec-2018 14:03

Xero seems to be on a crusade to stop sending invoices as PDF attachments rather forcing people to click on the links to open. Annoying for sure.

Speedtest 2019-10-14

chevrolux

4962 posts

Uber Geek
+1 received by user: 2638
Inactive user

#2143358 11-Dec-2018 14:12

Half the problem is you have idiots like SMX dropping mail that has any type of attachment on it. So sending invoices as an attachment is just not an option half the time.

At my old company, we changed the invoicing platform to a token based download system after having way too many 'xtra.co.nz' customers complaining they haven't received a bill and "why did you charge a late fee?!".

Going token/download based rocks, you can track the download, and know specifically when the customer has opened the invoice. You can use webhooks that kick off if an invoice hasn't been downloaded after x amount of days, to inform staff, or resend the invoice. Wouldn't do it any other way.

The new platform we are using now simply sends the customer directly to their own client portal where they can just view the invoice and then choose to download. Regardless, we can still track when they have viewed the invoice so get all the same benefits.

I really don't get what there is to get annoyed. I can understand being worried about security when the download comes from a totally different place than the email is sent from - but that's just poor implementation.

mattwnz

20515 posts

Uber Geek
+1 received by user: 4795

#2143359 11-Dec-2018 14:13

I've been getting daily emails emails pretending to be from different accounting systems, but the links in them show that they go to overseas domains, like .net, so appear to be scam emails. The problem with email is that it can be difficult to first know where the email has actually come from and whether he link is valid or not. As some NZ companies use third parties for their accounts who have their own domains, it can be difficult.

PolicyGuy

1820 posts

Uber Geek
+1 received by user: 1769

ID Verified

Lifetime subscriber

#2143375 11-Dec-2018 14:41

I would be very, very reluctant to click on a link in an email from "XYZ.co.nz", unless the link, when I look at it, leads to a URL in the "XYZ.co.nz" domain name space.

So, provided that "XYZ.co.nz" is a company I do business with, I'll click on a link like "payments.XYZ.co.nz" or "XYZ.co.nz/payments".
But if the link resolves to something like "neverheardofit.com" or "123.231.221.45", then I ain't clicking it. Not nohow.
Probably I'll report it as Phishing to "abuse@XYZ.co.nz" (or whatever their WHOIS record points to), or I'll just click on the 'Mark as spam' button and ignore it.

It's not like it's technically difficult to provide a URL that is obviously part of the related company domain name space, but which redirects to the 'real' place. Doing that provides a significant level of confidence that you're actually dealing with "XYZ.co.nz", and not someone pretending to be them.

Peppery

919 posts

Ultimate Geek
+1 received by user: 188

Trusted

#2143424 11-Dec-2018 15:14

Somewhat tangentially related, one of our clients is a very large multinational. This is a fully legitimate purchase order we received recently from them - spot the red flags. At least it claimed to come from their domain.

Geektastic

18009 posts

Uber Geek
+1 received by user: 8465

Trusted

Lifetime subscriber

#2143435 11-Dec-2018 15:25

I only seem to encounter that with people who use a particular online accounting firm which has yet to make a profit.

Dyson

Shop now for Dyson appliances (affiliate link).

shrub

790 posts

Ultimate Geek
+1 received by user: 272

ID Verified

#2143466 11-Dec-2018 16:03

Im getting lots these in my junk folder daily now. All look like xero invoices. Outlook hides the real email address now so you have to look deeper to filter the real from the fakes. I get alot of random invoices due to the work I do so if the company uses xero tough luck. Send me a pdf or you wont get paid ontime.

I do wonder if xero has had a data leak.

mattwnz

20515 posts

Uber Geek
+1 received by user: 4795

#2143467 11-Dec-2018 16:07

The sender of the email actually came from my accountant, who appears to use another billing company for their online billing. But the email address it was sent from was this companies domain name, using a .co.nz address, in this format. acountantingcomapniesname@billingcompaniesname.co.nz. But the link in the email is a totally different domain, which ends in .com, which is in the format of accountingcompanyname.thirdpartydomain.com/lotsofrandomtextandslashes . It is a legitimate invoice email though, it is just that if I wasn't aware that it was legitimate, I would pass it off as a scam one because I see warning signs in it where I don't want to click on the URL.

mattwnz

20515 posts

Uber Geek
+1 received by user: 4795

#2143469 11-Dec-2018 16:14

shrub:

Im getting lots these in my junk folder daily now.

I have had several of those too, a few today aas well, some are from mining companies and for similar amounts. I wouldn't click on the link though, as I know that they aren't for me. But I do wonder if they link is to a malware website, or if it they are using it to get credit card information. But I won't ever know as I won't click the link.

Aredwood

3885 posts

Uber Geek
+1 received by user: 1749

#2143513 11-Dec-2018 17:30

Gmail also files emails from those bulk invoice senders in sub folders automatically. As Gmail can see that lots of emails are being sent from a single domain.

I have missed paying a few invoices, because they have never appeared in either my inbox or spam folder. And yes Xero invoice emails are filed into sub folders instead of the primary folder.

Gmail also only gives a new email notification if it puts an email into your primary inbox folder.

Tracer

343 posts

Ultimate Geek
+1 received by user: 151

#2143535 11-Dec-2018 18:48

chevrolux:

The new platform we are using now simply sends the customer directly to their own client portal where they can just view the invoice and then choose to download. Regardless, we can still track when they have viewed the invoice so get all the same benefits.

I really don't get what there is to get annoyed. I can understand being worried about security when the download comes from a totally different place than the email is sent from - but that's just poor implementation.

How can I automatically file the invoice (and invoices from many other companies) in my own system?

AliExpress

Shop now on AliExpress (affiliate link).

Groucho

542 posts

Ultimate Geek
+1 received by user: 216

#2143994 12-Dec-2018 11:28

mattwnz:

I've been getting daily emails emails pretending to be from different accounting systems, but the links in them show that they go to overseas domains, like .net, so appear to be scam emails. The problem with email is that it can be difficult to first know where the email has actually come from and whether he link is valid or not. As some NZ companies use third parties for their accounts who have their own domains, it can be difficult.

Yup have had all those plus phases of "Australian" businesses that look almost identical to legit invoice emails from Xero. Except I don't recall having around AU$800 worth of plumbing services done.