What is invoice fraud?

This is when fraudsters send fake invoices claiming to be from a real business you work with. Sometimes they hack the emails of your supplier to send the invoice, so the email address is genuine, but the payment details are changed to those owned by the fraudster. It’s sensible to call your suppliers on the number on their website to verify their payment details before you pay new account details for the first time.

Steps you can take to protect against invoice fraud:

  • Check invoices carefully
    All staff who process supplier invoices and have the authority to change bank details should check supplier names, addresses, invoice amount and bank details to ensure they’re correct.
  • Verify payment changes
    If a supplier asks to update their payment details, always verify it with them by calling the number on their website.
  • Follow up invoice payments
    When you pay a supplier invoice, let the supplier know the payment has been made, confirming the amount and bank details paid into. 
  • Check bank statements carefully
    Report all suspicious debits to your bank immediately.
  • Call suppliers back
    If you are suspicious about a phone request, say you’ll call the supplier back. Use the number published on their website or saved to your phone so you know it’s the genuine number you’re calling.
  • Review public information about your suppliers
    Fraudsters often thoroughly research suppliers of organisations so that they can convincingly impersonate them. It may be a good idea to remove any information about your suppliers from your website and other public materials.

Related FAQs

Related how-to guides

How to spot and prevent CEO fraud

How to report business fraud

How to protect your business from fraud

How to check that an email from Triodos Bank is genuine

How to check that a website is genuine

Find what you were looking for?

Search our help and support section for more

Go to help and support