What is a fake invoice scam?
A fake invoice scam sends fraudulent payment requests to businesses or individuals, hoping that recipients will pay them without checking whether the goods or services billed were actually ordered or received.
Last reviewed: 10 June 2026
Explanation
Fake invoice scams target businesses most often because corporate payment processes can be complex and involve many suppliers. Fraudsters send professional-looking invoices for services that appear plausible — website hosting, office supplies, advertising, domain renewal, health and safety compliance — in the hope that accounts payable staff will process them without cross-referencing purchase orders.
Directory scams are a long-running variant: a company receives an invoice for a 'business listing' in an online directory they were supposedly registered in, or an apparent renewal notice that closely resembles a genuine domain or trademark renewal. The invoices are designed to look like bills from services already in use.
Some fake invoices arrive by post, some by email, and increasingly some arrive through compromised supplier accounts (overlapping with BEC fraud). The common element is that no legitimate business relationship or purchase order underlies the invoice.
Controls include requiring all invoices to match a purchase order before payment, maintaining a verified supplier list against which new payment details are checked, and training staff to verify any new banking details by phone before updating records.
Common red flags
- An invoice for a service not in your supplier list or that no one remembers ordering
- A 'renewal' notice for a directory listing, domain, or registration in small print
- Invoice sender banking details differ from those used previously for this supplier
- An invoice arrives via email only with no corresponding purchase order
- The invoice amount is small enough to fall below standard authorisation thresholds
- A new supplier appears in the system for the first time with a payment due immediately
What to do now
- Implement a three-way matching requirement: purchase order, delivery note, and invoice must match before payment
- Call any supplier requesting updated banking details using a number from your existing records, not the new invoice
- If you paid a fraudulent invoice, contact your bank immediately to attempt recall
- Report to your national fraud authority and trading standards
- Review your supplier master file for any accounts added without verified identity checks
Frequently asked questions
Are invoice scams illegal?
Yes. Sending fraudulent invoices for goods or services not provided is fraud. In most jurisdictions it also violates consumer protection and trading laws. However, grey-area directory invoices often use deliberately ambiguous language to stay just below criminal thresholds.
What makes directory renewal invoices effective as scams?
They mimic legitimate renewals with official-looking formats, reference numbers, and urgent payment terms. Businesses receive hundreds of legitimate supplier invoices and directory renewals, so fraudulent ones blend in. Staff processing payments often do not recall what subscriptions the business holds.