Invoice fraud
A scam in which fraudsters impersonate a genuine supplier and trick a business or individual into paying an invoice into a fraudulent bank account.
Also known as: mandate fraud, supplier impersonation fraud, payment diversion fraud
Last reviewed: 1 June 2026
Invoice fraud (also called mandate fraud) typically involves an attacker intercepting or monitoring business email communications, identifying a pending payment to a supplier, then sending a spoofed or hacked email claiming the supplier has changed their bank details. The victim pays what they believe is a legitimate invoice but the money goes to the fraudster.
Variants include submitting entirely fake invoices for services never provided, and impersonating solicitors or conveyancers during property transactions to intercept large conveyancing payments.
Prevention requires a strict verbal verification policy: any request to update payment details should be verified by calling the supplier on a phone number from your own records, never from the email itself. This is one area where process rigour is more protective than technology.