Protect yourself from invoice scams

If you receive an invoice from one of your suppliers claiming that their bank details have changed and requesting you make a payment into a different account from the one you normally use, this should set the alarm bells ringing. You could be dealing with an invoice scammer.

These scams are very sophisticated; criminals may have been monitoring your business for some time, they may know who your suppliers are and when regular invoices are due for payment. They will go to great lengths to seem genuine and not raise the alarm: they may have set up spoof email addresses so that their messages look as if they are coming from your supplier, or even accessed genuine email addresses. Their communications will be professional. The first you may know is when your genuine suppliers contact you to say you haven’t paid their invoice.

But while invoice scammers are happy to spend time preparing for the scam they act swiftly when they have their hands on your money. It will be transferred out of the fake account very quickly, which makes it very difficult for your money to be recovered.

How to spot invoice fraud

  • A supplier asks you to pay an invoice into a different account. Scammers will ask you to update payment details you have for a supplier – it may be when the invoice is due, it may reference the amount and items you are paying for, but that does not make it genuine. In fact, this is the most common type of invoice fraud.
  • You receive an invoice from a supplier, but the payment details are different. Scammers can hack your supplier’s email and change the details on the pdf invoice; it may even appear in a genuine email trail.
  • You have a new supplier that you need to pay a high value, one off  transaction. This is when your business is most vulnerable because you may not necessarily know the correct payment details.
  • Your supplier requests urgent payment. For example, if you normally pay them 30 days after receipt of invoice but are asked to pay after a shorter period, say just 15 days.

How to prevent invoice fraud

  • Remove any details about your suppliers from your website, social media and printed business materials as this gives the scammers valuable information that they can use to target you
  • Make sure everyone with access to your business email knows that they must never open an attachment from an unknown sender as this could be a phishing scam. This could allow scammers to access sensitive information about your business or deploy malicious software into your system. You can find out more about phishing scams here.
  • Make sure that the person responsible for processing invoices in your company follows these straightforward steps:
    • Verify any change to payment details immediately, by calling the supplier. Do not email as this can be unreliable. Use the official number on their website.
    • For one off, high value transactions, ring the supplier directly to confirm payment details before making payment, using the official number on their website.
    • Check invoices carefully to ensure that all details are correct. If there are any discrepancies that you are unsure about, speak to the supplier directly.
    • Confirm invoice payments with your supplier. This will give you an early warning if you have paid money into a fraudulent account and may increase your chances of recovering your money.

How to report invoice fraud

  • Report the scam to Action Fraud, the reporting centre for fraud and cyber-crime in England, Wales and Northern Ireland:
  • Inform your bank immediately.  
  • Contact the Police on 101.
  • If your business has an IT department, inform them immediately.
View all news and events