Real Invoice vs Business Invoice Fraud (BEC)
How to spot a fraudulent invoice or bank-detail change request versus a legitimate supplier invoice.
Last reviewed: 1 June 2026
Business email compromise (BEC) fraud involves criminals sending fake invoices — or intercepting real ones — to redirect payments to accounts they control. The invoice may look identical to ones your supplier normally sends. The key difference is almost always a bank account change request.
Side-by-side comparison
| Genuine supplier invoice | Fraudulent invoice / BEC payment diversion | |
|---|---|---|
| Bank details | Account number stable over time; any change confirmed by a phone call to a known number | New bank details supplied in the email itself, often explained as 'banking change' or 'new account' |
| Email origin | Sent from a domain you have on file; no extra characters or hyphens in the address | Sent from a look-alike domain (e.g. supplier-invoices.com instead of supplier.com) or a spoofed address |
| Urgency | Normal payment terms; no unusual pressure to pay today | Marked 'urgent', 'overdue', or warns of legal action if not paid within hours |
| Verification route | Contact details on the invoice match those in your records and on the supplier website | Contact number given is a new mobile; replying to the email loops back to the fraudster |
| Invoice format | Consistent formatting, logo, and numbering sequence with previous invoices | Slight differences in logo resolution, font, or invoice numbering compared to genuine examples |
| Request scope | Invoices a specific agreed product or service | Vague line items, duplicate invoice numbers, or amounts that do not match any purchase order |
Common red flags
- Bank details changed in the same email as an invoice
- Supplier contact number on the invoice is a new mobile you cannot verify
- Email domain differs slightly from the known supplier address
- Unusual pressure to pay before end of day
- Invoice references no specific purchase order
Verification steps
- Call your supplier contact on the number you already have — not the one in the email — to confirm any bank change
- Compare the sender email domain character by character with your records
- Cross-reference the invoice against your purchase order system
- Implement a two-person sign-off rule for any change to stored supplier bank details
What not to do
- Do not action a bank-detail change based solely on an email, however convincing
- Do not call the phone number provided in a suspicious invoice to verify it
- Do not let urgency pressure override your verification procedure
A safe response
Treat any bank-detail change request as high risk. Verify by calling your usual supplier contact on a number from your own records before processing payment.
Frequently asked questions
Can my supplier's email account itself be hacked?
Yes — in some BEC cases the real supplier's inbox is compromised, making the email look perfectly genuine. This is why phone verification to a pre-existing number is essential, not just email-header checking.
Is BEC fraud covered by insurance?
Coverage varies by policy. Some cyber-insurance and crime policies cover BEC losses; others exclude them. Check your policy and speak to your broker if you have been targeted.