How do I spot a fake invoice?
Fake invoices insert fraudulent bank details into legitimate-looking bills or charge for goods and services never ordered — always verify new payment details by phone before paying any invoice.
Last reviewed: 10 June 2026
Explanation
Invoice fraud takes two main forms. In the first, criminals intercept or impersonate a real supplier and send a duplicate invoice with fraudulent bank account details swapped in. The buyer pays what looks like a normal bill but the money goes to the fraudster. This is especially common in business-to-business settings but also affects individuals using tradespeople or lawyers.
The second form is the bogus invoice — a bill for something you never ordered, such as a directory listing, advertising space, or office supplies. These often arrive by email or post and look official enough that an accounts department might pay without checking. They rely on volume: even a low payment rate across thousands of recipients generates profit.
For the bank-account-swap variant, the tell is a change to payment details that arrives by email without being confirmed by phone. Legitimate suppliers rarely change their bank details, and when they do they will confirm it through a second channel. An email alone — even one that looks exactly like your supplier's address — is not enough. Check the email header: if the sender domain is one letter off from the real company (yoursupp1ier.com instead of yoursupplier.com), it is a spoofed address.
For unsolicited invoices, check your purchase order records. If no one in your organisation placed the order referenced, treat it as fraudulent. Ask the company sending it for a signed copy of the original contract — legitimate companies will have one; fraudsters will not.
Common red flags
- Bank account or sort code different from what you have paid before
- Change to payment details arrived only by email with no phone confirmation
- Invoice for goods or services you did not order
- Sender email domain has a subtle typo compared to the real supplier
- Extreme urgency: 'pay within 24 hours or face late fees'
- Invoice number or date format inconsistent with previous genuine invoices
What to do now
- Do not pay until you have verified new payment details by phone using a number you already have
- Compare the invoice against previous genuine invoices from the same supplier
- Ask your supplier to confirm the change in writing on official letterhead
- Report bogus invoices to Trading Standards (UK) or the FTC (US)
- If you already paid, contact your bank immediately — faster payment fraud can sometimes be recalled
- Notify your accounts team to be vigilant for similar attempts
Frequently asked questions
Can invoice fraud happen even with a supplier I trust?
Yes. Fraudsters may hack or spoof your supplier's email account. Always verify bank detail changes by calling a number you already hold.
Are unsolicited invoice senders breaking the law?
Sending an invoice for goods not ordered with intent to receive payment is fraud. Report it rather than paying or ignoring it.
What is mandate fraud?
Mandate fraud is the technical name for the bank-account-swap attack. The victim authorises payment to a fraudulent account believing it is a legitimate supplier.