Fake Invoice Business Email Scam Script
This scam email impersonates a known supplier or service provider your business regularly pays, sending a convincing invoice that includes changed bank account details, often referencing real project or order information to appear legitimate. It targets accounts-payable staff who process routine payments and may not think to double-check bank details that look plausible. The scammer's goal is to redirect a legitimate business payment, sometimes substantial, into an account they control before the real supplier notices it hasn't been paid. The most important step is to verify any bank detail change by phone, using a number already on file.
Last reviewed: 1 June 2026
Sanitized example messages
Illustrative, sanitized examples. Personal details are replaced with placeholders such as [phone number] and [fake link].
Please find attached invoice [number] for [amount] due [date]. Please note our banking details have changed. Please update your records and use the new details below for this and all future payments.
Hi [name], hope you are well. Quick admin note — we recently switched banks. The attached invoice should be paid to our new account: [fraudulent details]. Thanks for your continued business.
URGENT: Invoice [number] is now [number] days overdue. To avoid a late payment charge, please transfer [amount] to [fraudulent account] today. Remittance to [email].
Dear Finance Team, please process the attached invoice from [vendor]. Our new payment account details are listed on page 2. Please update your supplier records accordingly.
What the scammer wants
To intercept a legitimate business payment by convincing accounts-payable staff that a supplier has changed their bank details, redirecting the transfer to a mule account.
Red flags in the message
- Notification that bank account details have changed, sent by email only
- Slightly different email domain to the genuine supplier
- Pressure to update records and pay quickly
- No independent phone call to the supplier to verify the change
- Invoice amount slightly different from expected
A safe response
Call the supplier using a phone number from your own records — not one in the email — to verify any change of bank details before updating your records or making payment.
What not to send
- Payment to new bank details without verbal verification
- Confirmation of account details by reply email
- Payment ahead of the due date under pressure
What to do if you already replied
- Call your bank immediately to attempt to recall the transfer
- Inform your supplier so they can warn other clients
- Report to Action Fraud or the FBI IC3 and preserve all emails
Evidence to preserve
- Screenshot the full message or call details
- Note the sender number, email, or profile
- Save any links (without clicking) and payment details
- Record dates and times
Frequently asked questions
The invoice looks identical to previous ones from this supplier — how did they copy it so well?
Scammers often gain access to a supplier's or your own email account through a prior phishing attack, letting them see real invoice templates, past correspondence, and order details to make forged invoices highly convincing. This is why visual similarity alone isn't a reliable way to verify legitimacy.
We already paid the invoice with the new bank details — what should we do?
Contact your bank immediately to report the payment as fraudulent and request a recall, since speed significantly affects the chance of stopping or reversing the transfer, though outcomes depend on the payment method and timing. Also notify the real supplier and your company's finance and IT teams.
How can we verify a change of bank details is genuine?
Call the supplier using a phone number you already have on file, not one listed in the new invoice or email, and confirm any bank detail change verbally before processing payment. Treat any unexpected change of payment details as a required verification step, no exceptions.
Could our own email account have been compromised without us knowing?
Yes, this is common in these scams — check your account's login activity and enable multi-factor authentication, and have your IT team review for unauthorized email forwarding rules, which scammers often set up to monitor invoice conversations undetected.