
Invoice scams
An invoice scam is a relatively common type of fraud in which an organisation is sent fake invoices in the name of a partner. A fake invoice usually differs from the real one only in the bank account details, which makes the scam easy to pull off. Companies unknowingly transfer money to the criminals, while their partners continue to wait for the transfer.
The sums lost to these scams are huge, often in the hundreds of thousands of euros, making them extremely lucrative to criminals. At the same time, such scams require preparation and a certain level of technical ability from the perpetrators for gathering background information and swapping the invoice at the right moment and in the right context.
In order to carry out invoice scams, fraudsters have usually first hacked into the email system of the organisation or of its partner (for example, through successful phishing) and started to monitor the email exchanges there. This allows them to intervene at the appropriate moment – to remove the invoice emailed by the supplier and replace it with a fake invoice, as well as to provide further clarification if necessary.
Invoice scams are generally difficult to spot, but they usually work as follows:
- Someone at the organisation, often an accountant, receives an invoice from a partner by email.
- The email address of the sender is very similar or even identical to the real email address of the partner. An email containing an invoice may refer to previous conversations or agreements and have the right context.
- The received invoice looks genuine; only the bank account details have been changed.
- If the victim responds to the email and asks for clarification, for example, about the change in bank details, a credible answer to additional questions will be provided. The victim thinks they are dealing with a partner, but in reality, they are communicating with the scammers.
- The victim pays the invoice and the transfer goes through.
- At some point, the partner contacts the victim about the outstanding invoice.
- The victim realises that they have been scammed.
Here is what you can do to protect your organisation:
- Raise awareness: everyone who approves invoices in your company or organisation must know the nature and characteristics of invoice scams. Start by sharing this page with them.
- Establish a procedure for the approval of invoices. Stipulate a rule that if the invoice details (bank account number) have changed, the sender of the invoice must be contacted via the contact details agreed in the contract (or other previously known correct contact details).
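The approval rule above can also be enforced as an automatic check before payment. The following is an added example, not part of the original page: the vendor record, names, addresses and phone number are constructed, and the 0.8 similarity threshold is an assumption.

```python
import difflib

# Constructed vendor master data: the details agreed in the contract.
VENDOR_MASTER = {
    "Nordwind Supplies": {
        "iban": "EE382200221020145685",
        "email_domain": "nordwind.example",
        "contract_phone": "+372 5550 0100",
    },
}

def normalise_iban(iban):
    """Strip spaces and upper-case so formatting differences are not a change."""
    return "".join(iban.split()).upper()

def review_invoice(vendor, sender_address, invoice_iban):
    """Return (decision, reasons, callback_contact) for one emailed invoice."""
    record = VENDOR_MASTER.get(vendor)
    if record is None:
        return "HOLD", ["unknown_vendor"], None
    reasons = []
    known = record["email_domain"]
    domain = sender_address.rsplit("@", 1)[-1].lower()
    if domain != known:
        ratio = difflib.SequenceMatcher(None, domain, known).ratio()
        # Assumed threshold: near-identical spelling counts as a lookalike.
        reasons.append("lookalike_sender_domain" if ratio >= 0.8
                       else "unexpected_sender_domain")
    # A matching sender proves nothing: the address can be identical to the
    # partner's real one, so the bank details are compared on every invoice.
    if normalise_iban(invoice_iban) != normalise_iban(record["iban"]):
        reasons.append("bank_details_changed")
    if reasons:
        # Verify via the contract contact, never via details in the email.
        return "HOLD", reasons, record["contract_phone"]
    return "APPROVE", [], None

if __name__ == "__main__":
    # Constructed sample invoices: genuine, compromised mailbox, lookalike domain.
    samples = [
        ("billing@nordwind.example", "EE38 2200 2210 2014 5685"),
        ("billing@nordwind.example", "GB82WEST12345698765432"),
        ("billing@nordwlnd.example", "GB82WEST12345698765432"),
    ]
    for sender, iban in samples:
        print(sender, iban, review_invoice("Nordwind Supplies", sender, iban))
```

The second sample is the case the page warns about: the sender address is the partner's real one, and only the changed account number causes the hold.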