Learning Center
What is invoice fraud?

What is invoice fraud?

In 2022 it was reported that US businesses lose an average of $300,000 to fraudulent invoices in a year.

The more invoices you’re processing, the more likely it is that one of these attempts could slip through and affect your cash flow.

The first step in preventing invoice fraud is awareness. Here, we’ll cover what invoice fraud looks like and the steps you can take to catch attempts before they harm you.

Key takeaways

Fraudsters send fake invoices to trick businesses into paying for non-existent goods or services

Quick actions and verification can prevent financial losses from invoice fraud

Reporting fake invoice payments quickly to banks and authorities can help recover lost funds

What is invoice fraud?

Invoice fraud happens when someone deliberately deceives a business for money or banking information by using a fake or altered invoice and requesting payment.

The goal of invoice fraud is to make you think you’re making a legitimate payment for goods and services.

Often, invoice fraud isn’t discovered until there’s a discrepancy with the supplier.

This is most commonly done by impersonating a supplier.

The fraudsters will likely tell you that payment information has changed and request a payment to the new account.

Their messaging will have a sense of urgency to get you to take action before you make any safety checks.

Sometimes fraud attempts are made by illegitimate vendors. Be aware of the warning signs and vet carefully when working with a new supplier.

One thing to keep in mind is that invoice fraud is different from an invoice discrepancy

Invoice discrepancies are when there’s a difference between an invoice and any other documents like a purchase order, receipt, or delivery slip.

While an invoice discrepancy can happen from an innocent mistake, invoice fraud has malicious intent.

There’s deliberate misinformation to try and scam you out of money.

What are the consequences of invoice fraud?

Invoice fraud impacts the business financially with a ripple effect on other parts of the operations.

If it’s a one-time payment, you risk losing that money. But if banking information has been provided, the accounts could be vulnerable to repeated attacks.

Beyond financial impacts, supplier relationships can be strained by missing payments you thought you already made.

There’s also the potential of clerical issues stemming from the fraudulent invoice. 

For example, if a fake invoice is processed that was an order for extra inventory, the business will believe they’re stocked up and won’t notice until they’ve run short.

Common invoice fraud strategies

There are multiple strategies used in invoice fraud. What’s common between them is they want you to believe that it’s valid and make you take action quickly.

Here are some of the most common types of invoice fraud:

Phishing attacks

With phishing, fraudsters impersonate the supplier, typically through email, with requests to change the payment information or for one-time payments being directed to a different account.

This fraud strategy wants you to act first and think later. 

The sender will use threats of fines, penalties, or breaking contracts to create a sense of urgency so you don’t take any protective steps.

How to protect yourself:

  • Check the sender’s email account is under the business’s domain
  • Verbally confirm any changes in payment information

Duplicate invoices

While occasionally done by mistake,  sometimes vendors intentionally invoice recipients multiple times for the same order. 

The hope is that the extra invoice will fall through the administrative cracks until it’s too late and a payment is made.

Duplicate invoices could be sent by mistake. But it’s still best to try and keep supporting documents in case a supplier argues it wasn’t an error.

How to protect yourself:

Inflated bill amounts

When a vendor inflates bill amounts, the invoice ends up being more than the original terms of the purchase agreement.

The vendor is intentionally billing you for items that weren’t ordered or raised the prices without notifying you.

How to protect yourself:

  • Review any logs of conversations for written agreements
  • Submit purchase orders you can refer back to


Non-delivery happens when the vendor has no intention of actually delivering the good or service you paid for.

An invoice is sent and payment is requested before the goods or services are delivered.

Sometimes non-delivery happens for innocent reasons.

Reach out to the supplier for a chance to remedy the situation before you escalate.

How to protect yourself:

  • Use three-way or four-way matching with a shipping slip and inspection report
  • Have an accounts payable policy that states payment comes after delivery

What to do if you’re a victim of invoice fraud

Falling victim to fraud can be a scary thing. 

But if you do fall for a fraud attempt, remember that you’re not alone as 65% of businesses reported being victims of payment fraud in 2022.

Fraud is incredibly common and there are support systems to help both businesses and individuals who have fallen victim. 

What’s essential is that you act fast and rely on these support systems to get a resolution as quickly as possible.

If you suspect you’re a victim of fraud, take the following steps:

  1. Report fraudulent transactions to your financial institution: Immediately contact the financial institution the payment came from and report the fraudulent transactions. This is your best chance at getting those transactions reversed.
  2. File a report to the Federal Trade Commission: The FTC has an online portal for reporting fraud. By explaining what happened, the FTC can investigate and prevent the fraudsters from making more attacks.
  3. Reach out to the affected supplier: Your supplier could also be a victim in this situation. Notify them of what happened so they can reach out to any of their customers who are also vulnerable to attack. Also, sort out a plan for settling any unpaid invoices as a result of the invoice fraud.
  4. Set up extra protections: Identify what caused the fraud attempt to be successful. This is an opportunity to understand where you’re vulnerable and to improve your systems as a counteraction.

An example of invoice fraud

Let’s illustrate how invoice fraud works and how you can catch it using a fictional situation.

Terry leads the AP department at Sweet Schemes Chocolate Company.

Every month, they place an order for cocoa from their usual supplier which ranges from $5,000 to $7,000 depending on the market price of the beans.

One day, Terry gets an email seemingly from their supplier regarding an unpaid invoice for $10,000. 

The email makes it clear that if the invoice isn’t paid that day, the supplier would have to impose a penalty and take Sweet Schemes to small claims court or break the contract altogether.

In the email is a link to an online payment portal where Terry can pay the invoice in full despite Sweet Schemes using ACH credits to pay their supplier. 

But, because of the potential impacts on the business, Terry acts fast and makes the payment.

Some days later, Terry checks the transaction history and doesn’t recognize the recipient of the $10,000 payment. 

Terry calls up the supplier to find out there never was an invoice for $10,000 and they weren’t the ones to send the email.

In retrospect, Terry recognizes a couple of warning signs that this was a fraud attempt as well as some additional steps they could have done before making the payment:

  • The email had a sense of urgency. Fraudsters want you to act first and think second. The threats of penalties, small claims court, and potentially breaking the contract were all warning signs that this was a fraud attempt and not a legitimate email.
  • The amount was unusual. Look for invoice totals that are greater or less than the usual billed amount. Also, check for round amounts if that’s atypical for the invoices you receive.
  • The email address could have been checked. Phishing scams will use emails that look similar to legitimate emails at first glance. Maybe instead of using “cocoabeans.com,” the scammer was using “cocobeans.com” or “c0coabeans.com.”
  • A verbal confirmation could have been made. There’s no harm in calling the point of contact at a supplier to confirm something in an email, text message, or written notice. Especially in the case of a late or missing payment fraud attempt, the call can also be used to notify them payment is on the way.
  • The payment option was different than usual. If a different method of payment is requested, it’s always best to confirm the details over the phone. 

How to prevent invoice fraud

The best way to prevent invoice fraud is to be educated on the warning signs and take a proactive approach.

Follow these tips to give yourself the best chance of catching fraud before it happens.

Get verbal confirmation when you’re unsure

Having a point of contact with your suppliers means having someone you can reach out to when you’re feeling uneasy about an invoicing situation.

In general, it’s best practice to reach out to your point of contact if there’s a request to change payment or banking information. 

Don’t say what the new payment information is, but get them to repeat it back to you.

Even for something like a late fee or missing payment, confirming over the phone gives you peace of mind that it’s legitimate. 

Plus, if you call and it is legitimate, you can use that opportunity to show your supplier you’re sorting out the payment as fast as possible, something that will get you back in their good books.

Implement accounts payable controls

Accounts payable controls are verification steps that need to be passed before a payment is issued. 

By implementing more controls in your process, you protect yourself from potential fraud and scams.

In particular, focus on invoice validation

Consider using two-way matching or three-way matching, which connects invoices to purchase orders and other supporting documents to ensure they are only being billed for what was ordered.

These extra steps go a long way in protecting a business from sending out unnecessary payments, be it from fraud or innocent mistakes.

Use a consistent review process

Reviewing invoices shouldn’t only happen if something goes wrong. Instead, it should be a regular activity with a consistent process.

By having it be a regular process, the AP team will stay up to date on outstanding amounts and is more likely to catch fraudulent invoices or communication.

The review process should include:

  • An audit of outstanding invoices and balances
  • Matching payments to invoices
  • Reviewing upcoming due dates for scheduling payments

If done correctly, the review process won’t just protect you from fraud, but help keep your accounts payable process running smoothly so payments are never late.

Have multiple people involved in the review process

Human error in anything is inevitable.

That’s why the best review processes involve multiple sets of eyes to confirm information.

While your AP team will lead the charge, stakeholders from other teams should be involved if a purchase order or invoice pertains to their department. 

They’ll be the source of truth on what was received and whether the invoice is accurate.

Consider having the payment completed by a different person than the invoice approval process. 

They can do one last cursory check and save someone from making a panic payment when a fraud attempt uses urgent language.

Move to software with built-in checks

The tools used in your accounts payable process can be the best partner you have in combating fraud attempts. 

Not only do they help with the review process, but they can automate tasks which frees up the time of AP teams for extra due diligence.

Look for an accounts payable platform that can automate the matching process and has built-in approval workflows where all communication is centralized.

This way, there’s a clear paper trail for the AP team to follow if a fraud attempt is made. (Hint: we know of a tool)

Dashboards also provide a bird’s eye view into a business’s outstanding accounts payable balance broken down by vendor.

If there’s any communication about an outstanding invoice, it’s easy to see if it’s accurate to what’s on your books.

Protect yourself from invoice fraud

With time and effort, you could review every incoming invoice and catch fraud attempts. But there’s only so much time in a day and there are other things to attend to.

That’s why BILL uses automation to expedite the invoice verification process. 

Invoice matching is done automatically and doing a quick audit if something seems fishy is easier than ever with all communication centralized on the invoice.

Try BILL for yourself and see how it can save you time and protect you from fraud attempts.

BILL and its affiliates do not provide tax, legal or accounting advice. This material has been prepared for informational purposes only, and is not intended to provide, and should not be relied on, for tax, legal or accounting advice. You should consult your own tax, legal and accounting advisors before engaging in any transaction. BILL assumes no responsibility for any inaccuracies or inconsistencies in the content. While we have made every attempt to ensure that the information contained in this site has been obtained from reliable sources, BILL is not responsible for any errors or omissions, or for the results obtained from the use of this information. All information in this site is provided “as is”, with no guarantee of completeness, accuracy, timeliness or of the results obtained from the use of this information, and without warranty of any kind, express or implied. In no event shall BILL, its affiliates or parent company, or the directors, officers, agents or employees thereof, be liable to you or anyone else for any decision made or action taken in reliance on the information in this site or for any consequential, special or similar damages, even if advised of the possibility of such damages. Certain links in this site connect to other websites maintained by third parties over whom BILL has no control. BILL makes no representations as to the accuracy or any other aspect of information contained in other websites.