Vol. 1 · Ed. 2026
CyberGlossary
Entry № 614

Invoice Fraud

Reviewed by: Cybersecurity entrepreneur & security researcher

What is Invoice Fraud?

Invoice Fraud: A fraud in which attackers submit fake invoices, or alter genuine ones, so that payment is routed to attacker-controlled bank accounts.


Invoice fraud sits at the intersection of business email compromise and accounting controls. The attacker either spoofs a vendor address, hijacks the vendor's real mailbox, or registers a look-alike domain, then sends a payment-redirection notice or a doctored PDF invoice changing the IBAN/SWIFT details to their own. Sophisticated variants insert themselves into existing email threads ("thread hijacking") and target finance precisely when a real invoice is expected. Defences include verifying bank-detail changes by callback to a previously known phone number, supplier master-data controls, dual-approval payment workflows, DMARC reject, and warnings on external/lookalike-domain emails.
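As an added example (not part of this glossary entry), the following Python pre-payment gate combines three of the controls named above: comparison against supplier master data, a look-alike-domain warning, and the callback check on bank-detail changes, with any change routed to dual approval. The supplier record, domains, phone number and threshold are constructed assumptions; the IBANs used are the published ISO 13616 sample values, not real accounts.

```python
# Constructed supplier master record, keyed by the vendor's registered domain.
# The IBAN is the published ISO 13616 sample value, not a real account.
SUPPLIER_MASTER = {"acme-widgets.example": {"iban": "DE89370400440532013000",
                                            "callback_phone": "+49 221 555 0100"}}
LOOKALIKE_MAX_DISTANCE = 2  # assumed policy threshold for look-alike domains


def iban_is_valid(iban: str) -> bool:
    """ISO 13616 mod-97 check: move the first four characters to the end,
    map letters to 10..35, and the resulting integer must leave remainder 1."""
    s = iban.replace(" ", "").upper()
    if not (15 <= len(s) <= 34) or not s.isascii() or not s.isalnum():
        return False
    digits = "".join(str(int(ch, 36)) for ch in s[4:] + s[:4])
    return int(digits) % 97 == 1


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; a small distance from the registered domain
    is the look-alike signal (e.g. 'acme-wldgets' vs 'acme-widgets')."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def assess_invoice(supplier: str, sender_domain: str, iban: str,
                   callback_confirmed: bool) -> dict:
    """Gate one invoice against the master record. `callback_confirmed` means
    finance phoned the number already on file (never one from the new invoice).
    Blocking findings hold payment; any bank-detail change needs a second approver."""
    master = SUPPLIER_MASTER[supplier]
    blocking, notes = [], []
    sender = sender_domain.lower()
    if sender != supplier:
        d = edit_distance(sender, supplier)
        label = "look-alike" if d <= LOOKALIKE_MAX_DISTANCE else "unknown"
        blocking.append(f"{label} sender domain {sender!r} (edit distance {d})")
    iban_norm = iban.replace(" ", "").upper()
    if not iban_is_valid(iban_norm):
        blocking.append("IBAN fails mod-97 check")
    if iban_norm != master["iban"]:
        msg = "bank-detail change %s by callback to number on file"
        (notes if callback_confirmed else blocking).append(
            msg % ("confirmed" if callback_confirmed else "NOT confirmed"))
    return {"hold_payment": bool(blocking), "dual_approval": bool(blocking or notes),
            "blocking": blocking, "notes": notes}
```

The second scenario in the test data (genuine sender domain, changed IBAN) is the thread-hijacking case: the only signal left is the master-data mismatch, which is why the callback to a previously known number, not a number printed on the new invoice, is the control that catches it.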

Examples

  1. A look-alike supplier domain emails finance with "updated" bank details just before a quarterly payment.

  2. A hijacked supplier mailbox replies to an open quote thread attaching a PDF with the attacker's IBAN.

Frequently asked questions

What is Invoice Fraud?

A fraud in which attackers submit fake invoices, or alter genuine ones, so that payment is routed to attacker-controlled bank accounts. It belongs to the Attacks & Threats category of cybersecurity.

What does Invoice Fraud mean?

A fraud in which attackers submit fake invoices, or alter genuine ones, so that payment is routed to attacker-controlled bank accounts.

How do you defend against Invoice Fraud?

Defences for Invoice Fraud typically combine technical controls and operational practices, as detailed in the full definition above.

What are other names for Invoice Fraud?

Common alternative names include: Mandate fraud, Payment diversion fraud, Supplier fraud.
