Do you know how to identify a fake invoice email? Invoice fraud is a form of business email compromise (BEC) in which a third party fraudulently requests payment. According to the FBI's IC3 report, BEC attacks caused $2.7 billion in losses to US victims in 2022, making it the most pervasive form of business email compromise.

Invoice fraud is a popular and highly effective form of business email compromise because it can result in enormous payouts for scammers. If your business processes hundreds or thousands of invoices each month, getting tricked by a fraudulent email invoice is an unwelcome possibility.

Today we’ll go over ten indicators of fraudulent email invoices so your organization can avoid financial loss and irreparable damage.

1. The sender asks for PII

You should immediately be suspicious if anyone asks for personally identifiable information (PII) online. This includes anything from your email account address and phone number to your Social Security number or bank account number.

Sometimes a scammer will use a fake invoice email to test your organization’s vulnerability to business email compromise, phishing attacks, and other cyber scams. If you readily share sensitive information via email, that indicates to an attacker that you may be a prime target for a number of these scams.

2. The sender makes an unusual request

Legitimate businesses understand the importance of protecting your financial information and will not request that you divulge these details via email. However, a fake invoice email from a scammer might.

If an email requests a change to banking or payment information, you should be suspicious immediately. Instead of sharing these details via email, first contact the vendor directly, using the contact information you already have on file, to confirm that the change is genuine.

3. The dollar amount is unusual

An inexperienced fraudster will often create an invoice for an outrageous sum, rather than trying to make it seem more believable. Pay attention if the requested amount is way out of line with normal charges. For example, if an invoice lists unusually high quantities, billed hours, or prices, it might not be legitimate.

Fake invoices often tabulate costs or totals differently from the real ones. For example, if an invoice lists a round whole number as the price per item or as the total amount due, while previous invoices from that vendor were itemized to the cent, that difference in formatting can be an indicator of a scam.

4. The invoice is for something you didn’t purchase

Sometimes vendors make mistakes and send an invoice to the wrong customer or forget to cancel a recurring invoice. If your business receives a request for payment for something you did not purchase, take caution and confirm with the vendor. Taking the extra time to directly call or send a separate email can protect you from engaging with fraudulent emails and falling for fake invoice scams.

Some scammers will impersonate tech companies to send phony invoices for digital purchases like apps and music. Because these aren’t physical products, it can be difficult to verify if the purchase actually happened.

5. The email includes suspicious links

Most businesses share invoices as an attached PDF document rather than via a URL. Therefore, if you receive an email containing a link to download or view an invoice, this could signify that it’s a fake invoice email.

Before clicking any links, verify the email message first. If a regular vendor suddenly asks you to click a link to view an invoice online, follow up with them separately by emailing or calling them directly to see if they have changed their billing process. Discuss the payment process ahead of time with new vendors so you know what to expect when you receive your first invoice.

As with any suspicious email, do not click any links that could take you to a fake site or download any attachments that could contain ransomware that locks down your system.

6. The email uses poor English or grammar

Like many phishing emails, a fake invoice email could be a generic scam designed to target as many people and businesses as possible. In this case, scammers are not likely to put much effort into addressing you personally or crafting a perfectly worded email with flawless grammar.

Therefore, if you receive an invoice request with misspelled words, incorrect grammar, lack of personalization or unusual phrasing, this could indicate invoice fraud.

New artificial intelligence (AI) tools have recently given attackers the ability to make their communications more accurate and harder to recognize as illegitimate. It’s more important than ever to read your emails carefully for any signs of fraud.

7. The email originates from an unfamiliar vendor

When doing business with a new vendor, take the time to discuss the invoicing process before you start a project. This includes going over timelines, methods of payment, and invoice formats. That way, your business is prepared to receive their invoice and pay it correctly.

If you receive an invoice from a vendor you do not recognize, this should be an immediate red flag for potential invoice fraud. Although the email might appear to come from a legitimate business, an actual vendor is unlikely to send you an invoice without discussing it with you first.

8. The email text pressures you to pay immediately

Many invoice scams use social engineering to coax you into falling for scams you otherwise might recognize. One of these widely used techniques is to create a sense of urgency by pressuring you to pay the invoice right away. A scammer might even try to scare you by threatening legal action if you don’t pay immediately.

If an invoice request demands immediate payment, the likelihood of it being fraudulent is high. Even if the email appears to come from a trusted source, contact the vendor separately to double-check that the invoice is legitimate rather than making a hasty decision that exposes the business to significant financial loss.

9. The email appears to come from a trusted source, but…

Scammers often use email addresses that appear very similar to a legitimate email address from a vendor or client. Therefore, always look closely at the email’s address to ensure it matches the contact information you have on file. For example, if you’ve received an invoice from a vendor you know but from an unexpected contact, that could be a possible indication of a fake invoice email.

10. The email links to a landing page of an illegitimate URL

Many scammers will spoof a legitimate business and create malicious emails including links to phishing sites that steal your personal data or download malware onto your device. Even with emails from a trusted sender, always look closely at the page’s URL to ensure its authenticity.

You can easily do this by hovering your mouse over the URL on a desktop to see a full preview or pressing and holding on the URL before actually clicking on mobile. If you don’t know if you should click a link, type out the official website URL separately and proceed from there.
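A small triage helper that encodes several of the indicators above (2, 3, 5, 7, 8, 9 and 10) as checks on a single invoice email, added here as an example; it is not code from the original post or from Cisco. The vendor record, the keyword patterns, the 0.8 similarity threshold, the 3x amount multiplier and the sample messages are all constructed assumptions to be tuned against your own vendor correspondence.

```python
import re
from difflib import SequenceMatcher
from statistics import mean
from urllib.parse import urlparse

# Constructed vendor record of the kind accounts payable keeps on file;
# the keyword patterns below are assumptions, tune them to your own traffic.
VENDOR_ON_FILE = {"domain": "acme-supplies.com",
                  "past_amounts": [1240.00, 1180.50, 1310.00, 1255.75]}
URGENCY = re.compile(r"\b(immediately|urgent|within 24 hours|legal action|final notice)\b", re.I)
BANK_CHANGE = re.compile(r"\b(new|updated|changed)\b.{0,40}\b(bank|account|payment) (details|information)\b", re.I)
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

def lookalike_domain(sender_domain, known_domain, threshold=0.8):
    """Indicator 9: the domain is not the one on file but closely resembles it."""
    if sender_domain == known_domain:
        return False
    return SequenceMatcher(None, sender_domain, known_domain).ratio() >= threshold

def triage_invoice(sender, subject, body, amount, attachments, vendor=VENDOR_ON_FILE):
    """Return the indicators tripped by one invoice email (empty list = nothing found)."""
    flags = []
    sender_domain = sender.rsplit("@", 1)[-1].lower()
    if lookalike_domain(sender_domain, vendor["domain"]):
        flags.append("lookalike sender domain")            # indicator 9
    elif sender_domain != vendor["domain"]:
        flags.append("unfamiliar vendor domain")           # indicator 7
    if URGENCY.search(f"{subject}\n{body}"):
        flags.append("urgency or legal pressure")          # indicator 8
    if BANK_CHANGE.search(body):
        flags.append("payment details change request")     # indicator 2
    links = URL_RE.findall(body)
    if links and not any(a.lower().endswith(".pdf") for a in attachments):
        flags.append("invoice offered as link, no PDF attached")  # indicator 5
    for link in links:
        host = (urlparse(link).hostname or "").lower()
        if host != vendor["domain"] and not host.endswith("." + vendor["domain"]):
            flags.append(f"link to off-domain host: {host}")  # indicator 10
    if amount > 3 * mean(vendor["past_amounts"]):
        flags.append("amount far above historical baseline")  # indicator 3
    return flags

# Constructed sample: lookalike domain, urgency, bank change, link-only invoice, inflated total.
SAMPLE = dict(
    sender="billing@acme-suplies.com",
    subject="URGENT: Invoice 4471 overdue - pay immediately",
    body="Please note our updated bank account details. View invoice: https://acme-suplies-pay.example/inv/4471",
    amount=9800.00, attachments=[],
)
```

Running `triage_invoice(**SAMPLE)` returns six flags, while a routine invoice from the on-file domain with a PDF attached and a normal total returns an empty list.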

A fake invoice email is just one of the methods that scammers might use to attack your business. Learning how to spot invoice fraud can help safeguard against attacks, but implementing email security software provides the necessary protection against a range of business email compromise attacks.

To learn more about how Umbrella blocks phishing attacks to protect businesses from fake invoice emails, phishing attacks, and other scams, check out Cisco Secure Email Threat Defense.


Anand Raghavan

Senior Director of Engineering, AI

Security Business Group