What are fake invoice emails?
Fake invoice emails are phishing scams where criminals send emails pretending to be from legitimate companies and demanding payment for products or services that you did not purchase. The emails include fake invoices and aim to trick recipients into paying money into scammer accounts. These types of scams are also known as business email compromise scams.
The fake invoices look official and will often use the real company’s logo and branding. They may claim you have an outstanding payment for a subscription renewal, unpaid bill, or invoice. The emails will urge you to click on links to view invoices and make an urgent payment. If you click on links or attachments, you may be sent to fake websites designed to steal your personal and financial information.
Below is an example of a fake invoice email:
From: [email protected]
Subject: Urgent – Your SuperCompany Account 2348 Balance
Dear Valued Customer,
This is a notice that your SuperCompany account 2348 has an outstanding balance of $499. You must pay this amount immediately to avoid account suspension.
Please click here to view your invoice and settle the payment through our secure online portal.
If you have any questions about this invoice, please contact our Billing Department at [email protected].
Thank you,
SuperCompany Accounts Receivable
How to recognize fake invoice emails
There are a few red flags that can help you identify fake invoice emails:
You don’t have an account with the company:
If you receive an invoice but have never signed up for or purchased anything from the company, then it is likely a scam. Double check whether you have an account by searching your inboxes for previous emails or going directly to the company’s website.
Generic greetings:
Scam emails often start with impersonal greetings like “Dear customer” instead of your name. Legitimate companies will address you properly if you have an account with them.
Sense of urgency:
Fake invoices try to create a false sense of urgency by threatening account suspension or using phrases like “urgent payment required.” This tricks people into acting quickly without thinking. Always be wary of unsolicited demands for fast payment.
Spelling and grammar errors:
If an email contains suspicious links along with basic spelling and grammar mistakes, it’s likely a scam. Real companies will have proper spelling and grammar in professional correspondence.
Requests sensitive information:
Scammers may ask you to provide sensitive information like bank account details, credit card numbers or government ID numbers to “verify your identity.” Never give out personal information in response to an unsolicited email.
Odd links and attachments:
Fake invoice emails typically include links to phishing sites disguised as billing portals or attachments with malware. Do not click on links or open attachments from suspicious emails.
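Several of the red flags above can be checked mechanically. The following Python sketch is an added example, not part of the original article: it parses a constructed message modelled on the sample email and reports which flags it trips. The function names, the regular expressions, the Reply-To check and the known_domains allowlist are assumptions made for illustration, and every domain is a placeholder.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message modelled on the example email; all domains are placeholders.
SAMPLE = """\
From: SuperCompany Billing <billing@supercompany-payments.example>
Reply-To: accounts@freemail.example
Subject: Urgent - Your SuperCompany Account 2348 Balance
Content-Type: text/html

<p>Dear Valued Customer,</p>
<p>You must pay this amount immediately to avoid account suspension.</p>
<p><a href="http://portal.pay-invoices.example/view?id=2348">https://supercompany.example/invoice</a></p>
"""

GENERIC = re.compile(r"\bdear\s+(valued\s+)?(customer|user|client|sir|madam)\b", re.I)
URGENT = re.compile(r"\b(urgent|immediately|account suspension|final notice)\b", re.I)
LINK = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def host(value):
    """Return the lowercase hostname of a URL, or '' if the text is not a URL."""
    return (urlparse(value.strip()).hostname or "").lower()

def red_flags(raw, known_domains):
    """Return sorted red flags; known_domains is the set of domains you already deal with."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    flags = set()
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    reply = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    if sender not in known_domains:
        flags.add("unknown-sender-domain")
    if reply and reply != sender:
        flags.add("reply-to-mismatch")
    if GENERIC.search(body):
        flags.add("generic-greeting")
    if URGENT.search(msg.get("Subject", "") + " " + body):
        flags.add("urgency")
    for href, shown in LINK.findall(body):
        if host(shown) and host(shown) != host(href):  # link text shows one site, href goes to another
            flags.add("link-text-mismatch")
        if host(href) not in known_domains:  # exact match only, no subdomain handling
            flags.add("link-to-unknown-domain")
    return sorted(flags)

if __name__ == "__main__":
    print(red_flags(SAMPLE, {"supercompany.example"}))
```

A message that trips none of these checks is not thereby proven legitimate; the flags are a reason to verify through the company's official website, not a verdict.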
How to avoid falling for fake invoice scams
Here are some tips to protect yourself from fake invoice email scams:
Verify the sender’s address:
Even if the email uses a company’s logo, check that the sender’s email address looks legitimate. Scammers often use slightly different addresses. For example, [email protected] instead of [email protected].
Go to the company website:
If you receive an invoice from a company you have used before, avoid clicking any links in the email. Instead, manually navigate to their official website and log in to view your account and any balances.
Mark as spam:
If you identify a fake invoice email, mark it as spam. This helps train your email provider’s filters to detect similar scam messages in the future.
Contact the company directly:
Reach out to the company through their official contact channels to verify any payment requests. Do not respond directly to the suspicious email.
Use multi-factor authentication:
Enable two-factor or multi-factor authentication on important accounts like email, banking and credit cards. This adds extra login security, especially if you accidentally enter details on a fake phishing site.
Be wary of phone numbers:
Fake invoices often include customer service numbers. These may forward you to scam call centers designed to steal your money and information. Find verified contact details on the company’s official website.
Keep software up-to-date:
Maintain up-to-date operating systems, software, antivirus programs and email filters. This helps protect against phishing links, malicious attachments and emerging scams.
Review account activity regularly:
Frequently check your financial accounts and statements to look for any unauthorized or fraudulent activity. Identify problems early to reduce losses and limit scammer access.
Education and awareness:
Learn how to recognize telltale signs of fake invoices and common phishing techniques. Share knowledge with friends and family to improve awareness. The more prepared people are, the fewer will fall victim.
What to do if you paid a fake invoice
If you have paid a fake invoice, take these steps right away:
Contact your bank:
Notify your bank and ask them to reverse the fraudulent transaction if possible. Provide details like the date, recipient, amount and where you transferred funds. Time is critical for reversing payments.
Cancel payment methods:
Temporarily suspend any debit/credit cards used to make the payment. Also change account passwords and enable extra security like two-factor authentication. This prevents further misuse.
Keep records:
Save the suspicious email with the fake invoice, take screenshots of the fraudulent website and document all communications. Keep records of when and how much you paid.
Report the scam:
File a scam report with the Federal Trade Commission (FTC) and Internet Crime Complaint Center (IC3). Also notify the real company impersonated in the scam. Providing information helps authorities identify and halt scams.
Monitor accounts closely:
Carefully check bank accounts, credit reports and other financial records over the next few months. Look for signs of identity theft and repeat attacks. Promptly report any unauthorized activity.
Adjust email settings:
Update junk mail filters to send new emails from the scammer’s address directly to spam. Tweak configurations so verified senders bypass your junk folder. This prevents you from overlooking legitimate emails.
How businesses can avoid fake invoice scams
For businesses dealing with suppliers and customers, here are some practices to avoid becoming victims of fake invoice fraud:
Educate employees:
Train staff to recognize telltale signs of scam invoices. Ensure they avoid clicking unverified links and attachments which may install malware. Make departments like accounts payable vigilant.
Carefully vet new suppliers:
Do research before adding new suppliers to avoid bogus ones. Confirm their business addresses and contact details through official channels. Require face-to-face meetings where possible.
Establish payment processes:
Have clear and mandatory payment approval procedures before issuing payments. Fake invoices often rely on quick payments before they are closely reviewed.
Verify changes carefully:
Double check any requests to update vendor payment details before sending funds. Scammers will sometimes impersonate real suppliers and try to reroute payments.
Use dedicated systems:
Manage payments and invoices through secure corporate portals. Avoid relying entirely on unverified emails to handle financial transactions.
Monitor for anomalies:
Watch for any abnormal changes like new supplier requests from free webmail accounts or sudden payment procedure changes. Investigate anything suspicious.
Encourage reporting:
Empower employees to flag any suspicious financial activities without repercussions. Make it easy to report phishing attempts or fraudulent-looking communications.
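The payment-approval, change-verification and anomaly-monitoring practices above can be enforced as a hold rule in accounts payable. The following Python sketch is an added example, not part of the original article: it compares an incoming invoice against a vendor master record and lists the reasons to hold it for verification through official channels. The record fields, the approval limit, the vendor name and the account identifiers are all constructed for illustration.

```python
from dataclasses import dataclass

# Illustrative, not exhaustive; the last entry is a placeholder used by the sample below.
FREE_WEBMAIL = {"gmail.com", "outlook.com", "yahoo.com", "freemail.example"}

@dataclass
class Vendor:
    name: str
    email_domain: str
    bank_account: str

@dataclass
class Invoice:
    vendor_name: str
    sender_email: str
    bank_account: str
    amount: float

# Constructed sample data: one approved supplier and one suspicious invoice.
MASTER = {"acme supplies": Vendor("Acme Supplies", "acme-supplies.example", "ACCT-0001")}
SUSPECT = Invoice("Acme Supplies", "acme.billing@freemail.example", "ACCT-9999", 4800.0)

def review_invoice(inv, vendor_master, approval_limit=1000.0):
    """Return the reasons to hold an invoice; an empty list means no rule fired."""
    reasons = []
    vendor = vendor_master.get(inv.vendor_name.lower())
    domain = inv.sender_email.rpartition("@")[2].lower()
    if vendor is None:
        reasons.append("vendor not in master file")
    else:
        if inv.bank_account != vendor.bank_account:
            reasons.append("bank details differ from master file")
        if domain != vendor.email_domain:
            reasons.append("sender domain differs from vendor record")
    if domain in FREE_WEBMAIL:
        reasons.append("sent from free webmail")
    if inv.amount > approval_limit:
        reasons.append("above single-approver limit")
    return reasons

if __name__ == "__main__":
    print(review_invoice(SUSPECT, MASTER))
```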
Conclusion
Fake invoice scams can easily fool victims into paying money to scammers. But there are ways to protect yourself and your business from this type of fraud. Be wary of unsolicited emails demanding urgent payments. Verify senders, account details and payment requests through official channels. Report scams to authorities if you become a victim. With proper precautions, you can detect and stop fake invoice phishing attempts.
Type of Scam | Common Techniques Used |
---|---|
Fake invoice emails | |
Business email compromise | |
Red Flag | What it Indicates |
---|---|
Generic greetings | Scammers don’t personalize emails |
Spelling/grammar errors | Email was not sent by a professional company |
No existing account | You never signed up for services from the company |
Sense of urgency | Tactic to bypass scrutiny and skepticism |
Odd links/attachments | Potential phishing site or malware download |
Protection Tip | How it Helps |
---|---|
Verify sender address | Detect spoofed email identities |
Visit company website | Bypass phishing links in emails |
Mark as spam | Trains filters to detect similar scams |
Multi-factor authentication | Secures accounts if credentials are stolen |
Review statements frequently | Spot unauthorized transactions early |