See how this scam works and how to avoid it.

What’s one way scammers make an easy payday? By sending fake invoices to businesses to get real cash. Here’s what you need to know about invoice fraud and how to protect your business against it—because no one is immune to scam attempts.

How fake invoice scams work

Fake invoice scams are an imposter scheme. Most often, scammers create fake bills that appear to be from popular companies a lot of people use—like Microsoft, Apple or Amazon. People are familiar with these names, and this leads to letting one’s guard down. Scammers may also pose as smaller businesses.

In this scam the fraudster emails or texts an invoice. A common ploy is that they claim payment was unsuccessful. At first glance, the invoice looks legit, right down to the logo. However, there are clues that indicate it’s a fake.

The first clue you’re dealing with a scam is a directive to click on link. Especially if it claims to be urgent. Unless you act right away, the message says, there will be consequences, such as a service being cut off. Once a person clicks the link, they’re prompted to share valuable information, like credit card or banking details. Clicking on a link might also download malware onto a victim’s computer.

Here’s how the scam played out for one Consumers member who received a fake invoice from a fraudster posing as Weebly, her website hosting company. She received an email that said her bill was overdue and if she didn’t pay her bill right away, her website would be shut down. This business owner was caught off guard; she was preparing for vacation and surely didn’t want her website cancelled. She clicked the link and filled in her credit card information thinking she was keeping her real Weebly account current. Within seconds, her credit card was used for fraudulent purchases in the Netherlands. Thanks to text alerts the member set up for her business credit card, she realized she’d been phished and immediately cancelled the card and requested a new account number.

The second clue is that the invoice is for a product or service you didn’t order. It’s easy to fall for a scam that looks like a subscription for something you do use, such as Microsoft 365.

Another clue to uncovering fake invoices is in the email sender info. If you look at the full email address of the sender, you can see that it’s not from the party the imposter is posing as. For example, you might see a generic @gmail.com or @yahoo.com address.  Alternatively, the scammer might use an email address that’s very close to the authentic one but is different by just one letter, symbol or number.

A real-life example of a fraudulent invoice email

Getting familiar with the signs of fraud will help you spot it when it shows up in your inbox. Here’s a real-life example of a fraudulent invoice email. Look closely at the three clues that it’s a phony.

1. There’s a sense of urgency with “Action Required: Unsuccessful Payment” appearing to be for a common product, Microsoft Office 365.
   
   

2. The email has an attachment labeled “Failed_Payment_Notification…” that requires clicking to see content.
   
   

3. The sender detail shows this email is not from Microsoft. Instead, it’s from someone posing as Microsoft under the business name Omnimicrosoft.
   
   

This notification is a fake! When you see an email like this, block the contact and delete the message. Do not click on the attachment.

The other victim in fake invoices

Companies that phishing scammers impersonate can suffer reputational and financial harm too. Imposters are known to hijack accounts by posing as a real business and claiming there’s a new payment procedure. Once money is redirected to a scammer, there’s almost no way of reclaiming it.

Protect your business against invoice scams

To protect your business from invoice fraud, follow these tips:

• Don’t click on links in suspect emails or texts. Log into your account using the URL you know to check your account details.
• Don’t call a phone number in a suspect email or text. Go to the company website you know. Beware that some scammers fake Google listings and that AI generated responses may lead to scam sites. Carefully examine the URL to make sure you’re going to a legit site.
• Train employees to be alert to invoice fraud. Encourage them to speak up if they have any questions.
• Use email filters to detect and block phishing attempts.
• Implement dual authorization for making payments. Have one person approve invoices and another make payments.
• If your computer systems are compromised by phishing or malware, get professional help to secure your systems.
• If your company has been impersonated by a scammer, inform clients and make sure they have the correct invoice and payment details.

Be vigilant

It’s not a matter of if you’ll receive fraudulent invoice emails but when. Keep your guard up with any request for payment. Remember that messages with an alarming tone are most likely scams.

When you identify a phony invoice, block the sender and delete the email. If you do get caught in a fake invoice scam

 

Federally insured by NCUA