Fake Invoice for Cloud Storage

Could one of you lovely experts advise on the below?

My organisation has received an invoice for EUR350 from a company called SafeCloudz.com

It was directed at an ex-employee who had no authorisation for sourcing services

The invoice had a bank account in Estonia, and the website is registered to a PO Box in the Seychelles.

It's set off my Scam Baiting alarms, but wanted to get a non-Baiting opinion first as this is related to my work. Is this thing common?

Thanks for your help

[AlanJones]

I would say that it is probably a speculative invoice and they are just hoping that it will get paid before anyone realises it isn't something the company has requested. But the worrying thing is that it is addressed to a specific person, rather than just the "Accounts Dept" say. Is this ex-employee someone whose name would be known to people outside the company? And is there a possibility that he may have done this in spite for some reason?

One other thing, the domain was only registered on 29/12, so when did this employee leave your company and what period are they trying to invoice you for?

I'd say to be safe it would be worth passing it to your company's lawyers/legal department.

I think it may well be speculative, but more clever than just a generic addressee.
The employee was our most junior staff member who, I believe, would not have ordered such a service nor would have done it out of spite (in my opinion).

He left the company back in April 2014 and the invoice doesn't specify a period.

Anecdotally, there people on other forums who have had the same experience, again with the invoice addressed to a staff member that has left.

I suspect maybe they are using LinkedIn profiles to get the information on the company and the person?

Our accounts and legal teams are dealing with the legal bit.

What are your thoughts on whether it would be worth contacting the abuse team who own the domain and reporting it?

Thanks for your help

[AlanJones]

As he left in April 2014 and the domain was set up at the end of December, clearly there's no way he actually authorised it while he was working for your company, so your theory of them grabbing ex-employee details off of LinkedIn sounds plausible.

I would definitely say that complaining to the Abuse dept of the hosts is worth doing.

Also, it would we worth PMing the bank account details and supporting details to one of the Moderators here - they have good contacts at the majority of banks.

Well, looks like the report to the abuse team worked

The site is 'temporarily' down (according to the holding page at the URL)