KIS Bridging Loans
Presented by KIS Finance
What is Invoice Fraud and How to Protect your Business

What is Invoice Fraud?

Invoice fraud can occur in one of two ways;

  1. The scammer poses as you and sends fake invoices to your clients with their own bank account details, phone number and email address.

  2. The scammer poses as a regular supplier of yours and sends fake invoices to you.

How Does Invoice Fraud Work?

In order to pull off an invoice scam, the criminal will often hack into the business’ email accounts in order to gain valuable information about the company’s relationships with clients and suppliers. They will look for details of when regular payments are made and when invoices are sent to customers.

Once they have the information they need, they can start to clone invoices and email addresses. They will also look at the way you write and structure your emails and any other information that will help them to impersonate you.

How can they scam your clients?

There are two methods a scammer could use to fool your clients. The first method is contacting the client first and requesting that, when they receive their next invoice from the company, they change the bank details to the ones provided as the company has changed who they bank with. This way, the client will receive their invoice at the normal time and from the normal email address so nothing seems out of the ordinary.

The second method is simply sending the client a fake invoice, designed to look exactly like the legitimate one, which features the scammer’s bank account details, phone number and email address. The scammer will say that the company’s banking system has changed which is why they are receiving the invoice at a different time and why the bank details have changed.

The scam is normally detected when you go to chase the payment and your client proves that they have paid. Then you realise that they have sent the payment to a different account and you haven’t been paid for your work.

How can they scam you?

If the scammer wants to defraud you and not your clients, they will pose as one of your regular suppliers.

In order to do this, they will clone the supplier’s email address and invoices instead. Then, like they would contact your clients, they will send an email to you with the same claim that their banking system has changed therefore you need to change the account details you normally send the payment to.

You will discover the scam when the supplier contacts you about payment. They will tell you that their bank details haven’t changed and you realise you have sent the money to a fraudulent account.

How to Detect Invoice Fraud

If you are unsure whether you are being targeted, these are some of the steps you can take to detect a scammer;

  • Check through all invoices you receive very carefully and compare them to previous ones that you know to be genuine. On fake invoices the logo may be blurry, there may be spelling mistakes, or it may be laid out slightly differently.

  • Check the sender’s email address very carefully and make sure it matches the one you have on file exactly. Scammers can fool you by simply changing one letter or adding a number to the end.

  • Check that the other contact details provided on the invoice match the ones you have on file exactly.

How to Prevent Invoice Fraud

Every company is vulnerable to invoice fraud, so it is very important to ensure that every member of staff is aware of this.

Following these steps will help you to protect your business from invoice fraud;

  • Ensure that all members of staff who have the authority to process invoices and change bank details are very vigilant towards this. They should always be on the lookout for irregularities.

  • Change all passwords regularly and never use the same password for more than one account. You should also enable multi-factor authentication for as many accounts as possible to make them harder for fraudsters to access.

    Read our guide on how to choose a safe password.

  • If you have a request from a supplier to change bank details or the invoiced amount, contact someone you know from the company directly and ask if this is legitimate. You should use the contact details you have on file, not the details provided in the email or on the invoice.

  • Every time a supplier invoice is paid, you should contact them to inform them of the payment and the bank details used. You should also do this every time you send an invoice to a client to inform them of the payment amount and the correct bank details to use.

  • Consider what information you could remove from your website. Fraudsters often conduct very in depth research of your company and the companies you do business with so it may benefit your business to not have this kind of information publicly available.

  • Remember to always think carefully before performing any kind of financial transaction. Fraudsters will do everything they can to rush you into making a decision.

Watch Out for Internal Invoice Fraud

Although this is less common than external scammers, there have been cases where staff in authoritative positions have processed fake invoices for personal gain.

To prevent this from happening, you should implement a system where no invoices can be processed without being checked by another person. For example, if your business is vehicle repairs, you could have the engineer approve the invoice for the work carried out, while someone else is responsible for processing the payment.

How to Report Invoice Fraud

If you believe you have fallen victim to invoice fraud, you should immediately report it to Action Fraud UK. Action Fraud is the police’s national fraud and cybercrime reporting centre and from there it can be sent to an individual police force for investigation.

You can report fraud on the Action Fraud UK website, or by phoning them on 0300 123 2040.

Will I Get My Money Back after Invoice Fraud?

Unfortunately, after the fraudster has received the payment, they will move or withdraw the money making it very difficult to recover.

Also, as the payment would have been approved with all the correct security passcodes, it is unlikely that the payment would have been picked up by your bank as unusual or suspicious. This means investigations tend to be delayed and very lengthy.


Find it useful? Please share!