Invoice Fraud
Also known as: Mandate fraud, Payment diversion fraud, Supplier fraud
Definition
A fraud in which attackers submit fake invoices, or alter genuine ones, so that payment is routed to attacker-controlled bank accounts.
Examples
- A look-alike supplier domain emails finance with "updated" bank details just before a quarterly payment.
- A hijacked supplier mailbox replies to an open quote thread, attaching a PDF with the attacker's IBAN.
Related terms
Business Email Compromise
A targeted fraud in which an attacker impersonates or takes over a corporate mailbox to trick an employee into wiring money, changing payment details, or sending sensitive data.
CEO Fraud
A subtype of business email compromise in which an attacker impersonates a senior executive to pressure an employee into performing an unauthorised wire transfer or sensitive action.
Email Spoofing
Forging email headers so a message appears to come from a trusted sender, typically to enable phishing, fraud, or malware delivery.
Typosquatting
Registering domain names or package names that are misspellings or visual look-alikes of legitimate ones, to catch users or developers who make typing or recognition errors.
Phishing
A social-engineering attack in which an attacker impersonates a trusted party to trick a victim into revealing credentials, transferring money, or running malware.
Social Engineering
The psychological manipulation of people into performing actions or disclosing confidential information that benefits an attacker.