Fake invoices are one of the most common attacks small businesses face. They work because they target busy people doing routine work. A bookkeeper processing 40 payments before lunch isn’t looking for fraud, and attackers know it.
The good news? Most invoice scams share the same telltale signs. Once you know what to look for, you can stop the majority of them with a single phone call. Below, we break down the four red flags to check on every invoice, plus the simple rules that protect your accounts payable from costly mistakes.
What Is Invoice Fraud?
Invoice fraud happens when criminals trick a business into paying money to the wrong account. Sometimes they pose as a real vendor. Other times they create a fake one. The goal is always the same: get your team to send a payment before anyone verifies the details.
These scams often fall under a broader category called business email compromise (BEC), where attackers use spoofed or hacked email accounts to redirect legitimate payments. The losses add up fast, and recovering wired funds is rarely possible once the money leaves your account.
That’s why prevention matters far more than cleanup.
How to spot a Fake Invoice
Train your team to check these four signs on every invoice. Each one takes only seconds to spot.
1. A Bank Account Change on a Familiar Vendor
This is the most reliable indicator of fraud you’ll ever see in your inbox.
If a regular supplier suddenly emails you with new wire instructions or updated banking details, treat it as suspicious until proven otherwise. Attackers love this move because it redirects a payment you were already expecting to send.
Before you update any payment details, confirm the change by phone. Call the vendor using a number you already have on file, never the number listed in the email. The email itself could be coming from a compromised or spoofed account.
2. A Slightly Different Sender Domain
Attackers register lookalike domains that swap a single letter, add a hyphen, or change the ending. A common trick is using .co instead of .com.
At a glance, the mailbox name looks identical to the real vendor. That’s the point. The fraud only works if you don’t look closely.
Hover over the sender’s email address before you click anything. It takes half a second and can reveal a domain that’s off by one character. If something looks even slightly wrong, stop and verify.
3. Artificial Urgency
Real vendors rarely demand payment within 24 hours. Scammers do.
Watch for pressure phrases like:
- “We need this processed today.”
- “The CFO is asking for this before close of business.”
- “Your account will be suspended unless you pay now.”
This language is designed to push you past the verification step. When you feel rushed, slow down. Urgency is a tactic, not a reason to skip your checks.
4. An Email-Only Communication Chain
A real vendor relationship comes with more than an inbox. There’s usually a phone number, a payment portal, or a regular point of contact your team already knows.
If the entire interaction has happened over email with someone nobody on your team has actually spoken to, treat it as a warning sign. Pick up the phone and confirm you’re dealing with a real person at a real company before you pay anything.
The Two Rules That Stop Most Invoice Fraud
Spotting warning signs is step one. These two rules turn awareness into protection.
Rule 1: Verify by Phone Using a Trusted Number
Any change to bank details, any sense of urgency, or any new vendor relationship requires a phone call. Always use a number you already have on file, not one pulled from the email itself.
This single habit blocks the vast majority of invoice scams. Attackers count on email-only contact because it keeps you inside the channel they control. A phone call breaks that control instantly.
Rule 2: Require Two-Person Approval for Larger Wires
Set a dollar threshold that makes sense for your business. Any wire above that amount should require sign-off from two people.
A second set of eyes catches mistakes and slows down rushed payments. It also removes the pressure on any single employee to make a high-stakes decision alone.
Quick Checklist for Your Team
Print this “How to Spot a Fake Invoice” checklist, and keep it near anyone who handles payments:
- Did a familiar vendor change their bank account? ...Call to confirm.
- Does the sender's domain match exactly? ...Hover and check.
- Is the message pushing artificial urgency? ...Slow down.
- Has this all been email-only with an unknown contact? ...Verify by phone.
- Is the payment above your threshold? ...Get a second approval.
Share these rules with everyone who touches invoices, including bookkeepers, operations staff, and finance teams. Fraud prevention works best when the whole team knows the signs
FREQUENTLY ASKED QUESTIONS
How do I spot a fake invoice?
Check for four warning signs: a bank account change on a familiar vendor, a sender domain that’s slightly off, artificial urgency demanding fast payment, and an email-only chain with someone your team has never spoken to. If you see any of these, verify the invoice by phone before paying.
What should I do before changing a vendor's payment details?
Always confirm the change by calling the vendor at a number you already have on file, never the number in the email. A bank account change request is the single most reliable sign of fraud, so treat it as suspicious until you’ve verified it directly.
What is business email compromise?
Business email compromise (BEC) is a scam where attackers use spoofed or hacked email accounts to impersonate a vendor, executive, or trusted contact. Their goal is to redirect a legitimate payment to a fraudulent account, often by requesting new banking details or pushing for an urgent wire.
Can I recover money sent to a fraudulent account?
Recovery is difficult and often impossible once a wire transfer leaves your account. This is why prevention matters so much. Verifying payments by phone and requiring two-person approval for larger wires stops fraud before the money moves.
Who on my team should learn aboout invoice fraud?
Anyone who handles invoices or approves payments, including bookkeepers, accounts payable staff, office managers, and operations teams. Fraud prevention is strongest when everyone knows the warning signs.
