AI-Generated Fake Invoice Scam
Fraudsters use AI to produce highly convincing fake invoices — matching a real supplier's branding, tone, and billing history — that trick businesses and individuals into paying money to the wrong account.
Last reviewed: 5 July 2026
What this scam is
AI-generated fake invoice scams use generative AI tools to produce fraudulent invoices, payment requests, or billing emails that closely mimic a real supplier, contractor, landlord, or service provider — often based on genuine invoices or correspondence the scammer has obtained through a prior email compromise or public data. Where older fake-invoice scams relied on generic templates and were often caught out by inconsistent branding or clumsy wording, AI tools now let scammers replicate a specific supplier's exact invoice layout, tone of voice, and even reference genuine past transaction details.
The scam targets both businesses, where it overlaps heavily with business email compromise, and individuals, who may receive a convincing fake invoice for rent, utilities, subscriptions, or freelance work claimed to be owed. The fraudulent invoice typically directs payment to a bank account controlled by the scammer rather than the legitimate payee, sometimes accompanied by an AI-drafted email explaining a 'recent change of bank details.'
Because the invoice can be generated to match a real, previously seen supplier relationship in exacting detail — correct logo, correct invoice numbering conventions, references to a real prior order or contract — recipients are far less likely to notice anything is wrong compared with earlier, more generic fake-invoice attempts.
How it works
The scam often begins with a compromised email account — either the supplier's or the target's — giving the scammer access to genuine past invoices, email threads, and communication style to feed into an AI tool as source material. Where no compromise has occurred, scammers can still gather convincing detail from publicly available website branding, LinkedIn activity, or leaked data, then use AI image and document tools to recreate an invoice template that is visually near-identical to the real thing.
The scammer then sends the fake invoice from a lookalike email domain (often differing from the real one by a single character) or, in more advanced business email compromise cases, from the actual compromised account itself. The message is drafted by AI to match the supplier's usual tone, sometimes referencing a genuine recent order, project milestone, or previous invoice number to build credibility, and includes an explanation for updated bank details — commonly a claimed change of bank, an audit, or a new payment processor.
Because businesses often process a high volume of routine invoices with limited scrutiny, and the fake document matches expected formatting exactly, payment can be authorised and sent before anyone notices the banking details have changed. By the time the real supplier chases the unpaid invoice, the money has already left the target's account.
Why this scam works
Invoice processing is often a routine, high-volume task performed under time pressure, and people default to pattern-matching — if a document looks exactly like the hundred previous invoices from the same supplier, it doesn't prompt the same scrutiny a genuinely unfamiliar request would. AI removes the small inconsistencies (wrong logo resolution, odd phrasing, mismatched invoice numbering) that used to be the main giveaway, closing the last easy detection gap for a busy accounts-payable employee or individual paying routine bills.
The scam also exploits organisational hierarchy and process gaps: a claimed 'change of bank details' is a mundane, plausible administrative event that rarely triggers independent verification unless a specific policy requires it, especially when the request appears to come from a long-established, trusted supplier relationship.
Common red flags
- An invoice arrives with a claimed change of bank account details
- Sender email domain differs slightly from the supplier's known genuine domain
- Unusual urgency or pressure to pay before the normal invoice cycle
- Invoice references genuine past details but requests payment to a new account
- Formatting subtly differs from the supplier's previous invoices
- Request to keep the bank-detail change confidential or bypass normal approval
- Contact number or email on the invoice does not match previously verified contact details
Sanitized example messages
Illustrative, sanitized examples. Personal details are replaced with placeholders such as [phone number] and [fake link].
- Please note our bank has changed processors — kindly update our account details to [account] for this and future invoices.
- Following our recent order, please find attached invoice [number] for [amount], payment due within 5 business days.
- Apologies for the short notice, our finance team requires this invoice settled today to avoid a late fee.
- Due to an internal audit, please direct all future payments to the new account listed below.
Common variations
- Business email compromise combined with AI-drafted fake supplier invoices
- Fake landlord or property-management invoice claiming a new rent payment account
- Freelancer or contractor impersonation invoicing for work never commissioned
- Utility or subscription-service fake invoice threatening service disconnection
- Lookalike domain sending an AI-recreated invoice matching a real supplier's template
- Fake 'updated bank details' follow-up email sent shortly after a genuine invoice
How to verify before you act
Any invoice containing a change of bank account details should be verified through a phone call to a known, independently sourced number for the supplier — never a number or contact listed on the invoice itself, since that may be part of the fraud. For businesses, implement a mandatory callback policy for any banking-detail change before the first payment to the new account is made, regardless of how convincing the paperwork appears.
Cross-check the sender's email domain character by character against previous genuine correspondence, and compare the new invoice against the supplier's last few genuine invoices for subtle formatting drift. If in doubt, contact the supplier through an entirely separate channel — their main published switchboard number or a long-standing personal contact — before releasing payment.
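The two checks above can be automated as a pre-payment hold in an accounts-payable workflow. The following is an added example, not part of the original page: the supplier record, the domain, the account numbers and the function names are all constructed for illustration, and the verified record is assumed to be kept separately from anything received by email.

```python
from email.utils import parseaddr

# Constructed verified-supplier record (hypothetical values, held outside the mailbox).
VERIFIED = {
    "acme-supplies": {
        "domains": {"acme-supplies.example"},
        "accounts": {"GB00TEST00000012345678"},
    }
}

def edit_distance(a, b):
    """Levenshtein distance: number of single-character edits between a and b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def sender_domain(from_header):
    """Domain of the actual address in a From header, ignoring the display name."""
    addr = parseaddr(from_header)[1]
    return addr.rpartition("@")[2].lower().rstrip(".")

def review_invoice(supplier_id, from_header, account, verified=VERIFIED):
    """Return reasons to hold payment; an empty list means no flags were raised."""
    record = verified[supplier_id]
    flags = []
    domain = sender_domain(from_header)
    if domain not in record["domains"]:
        # A domain within two edits of a verified one is treated as a lookalike.
        close = [d for d in record["domains"] if edit_distance(domain, d) <= 2]
        flags.append("lookalike_domain" if close else "unknown_domain")
    # Bank details are checked even when the domain is genuine, because the
    # invoice may come from the supplier's own compromised mailbox.
    normalized = account.replace(" ", "").upper()
    if normalized not in record["accounts"]:
        flags.append("bank_details_changed_callback_required")
    return flags
```

A non-empty result should block payment until the callback to the independently sourced number has been completed. An empty result does not replace the comparison against previous invoices.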
Payment methods used
- Bank transfer
- Business banking wire transfer
Who is usually targeted
- Accounts payable teams
- Small business owners
- Freelancers and contractors
- Individuals paying rent or utility bills
What to do immediately
- Pause payment and independently verify any bank-detail change by phone
- Contact your bank immediately if payment has already been sent to a new account
- Notify the genuine supplier that their invoice or email may have been spoofed or compromised
- Check whether your own email system shows signs of compromise
- Report the incident to your national fraud reporting authority
- Review accounts-payable controls to require callback verification going forward
- Alert colleagues or other departments who may receive the same fake invoice
How to prevent it
- Require a phone callback to a known, independently sourced number before changing any supplier bank details
- Check sender email domains character by character rather than trusting the display name
- Compare new invoices against a supplier's previous invoices for subtle formatting changes
- Implement dual-authorisation for payments above a set threshold
- Train accounts-payable staff specifically on AI-enhanced fake invoice tactics
- Maintain a verified contact list for suppliers separate from information found in emails
- Be especially cautious of any invoice arriving alongside a claimed bank-detail change
Evidence to preserve
- The full fake invoice document and email headers
- The sender's email address and domain details
- Any previous genuine invoices from the same supplier for comparison
- Bank transfer confirmation and account details used
- Correspondence with the supplier confirming the invoice was fraudulent
Where to report it
- Action Fraud (UK) — UK national fraud & cybercrime reporting centre
- FTC ReportFraud (US) — US Federal Trade Commission fraud reports
- FBI IC3 (US) — US Internet Crime Complaint Center
- Scamwatch (Australia) — Australian competition & consumer reporting
- Your bank's fraud line — Use the number on the back of your card or in your banking app — never a number the caller gives you
Always verify reporting routes and emergency contacts on the official government or agency website for your country.
Frequently asked questions
How can I tell an AI-generated fake invoice from a real one?
Compare it closely against previous genuine invoices from the same supplier for subtle formatting differences, and always independently verify any request to change bank account details by phone before paying, regardless of how authentic the document looks.
What is the single most effective defence against this scam?
A strict policy requiring phone verification of any bank-detail change through an independently sourced number, before the first payment is made to the new account, defeats the great majority of these attempts regardless of how convincing the invoice appears.
Can this happen to individuals, not just businesses?
Yes, individuals can receive convincing fake invoices for rent, utilities, or freelance work, particularly if a landlord's or service provider's email account has been compromised and used as the source for genuine correspondence.
What should I do if I've already paid a fake invoice?
Contact your bank immediately to attempt a recall of the transfer, notify the genuine supplier so they can warn other clients, and report the fraud to your national fraud reporting authority as soon as possible.