What is Invoice Fraud?
Quick Answer
Invoice fraud involves sending fake or altered invoices to trick businesses into paying money to attackers. Scammers either impersonate legitimate vendors or intercept real invoices and change the payment details.
Invoice fraud is a type of business fraud where attackers send fictitious invoices or manipulate legitimate invoices to divert payments to accounts they control. This can involve creating entirely fake invoices for goods or services never ordered, impersonating existing vendors to redirect regular payments, or intercepting email communications to alter payment details on real invoices. Invoice fraud exploits the routine nature of accounts payable processes and the trust between businesses and their suppliers.
How Invoice Fraud Works
Reconnaissance
Attackers research the target company to identify vendors, typical payment amounts, and accounts payable contacts.
Email compromise or spoofing
Attackers either gain access to a vendor's email account or create convincing lookalike domains.
Invoice manipulation
Fake invoices are created or real invoices are intercepted and altered with different bank account details.
Submission
The fraudulent invoice is sent to accounts payable, often with urgency or slightly different-than-usual payment instructions.
Payment diversion
If the fraud succeeds, payment is sent to attacker-controlled accounts and quickly moved to prevent recovery.
Real-World Examples
An email from a 'supplier' notifying you that their bank details have changed and providing new payment information.
A fake invoice for office supplies, cleaning services, or other routine purchases that might not be questioned.
An intercepted legitimate invoice where only the payment account number has been subtly altered.
A fake 'overdue notice' for an invoice that was never sent, pressuring quick payment to avoid penalties.
How to Protect Yourself
Verify any changes to vendor payment information through a known phone number, not contact details in the request.
Implement dual authorization for payments above a certain threshold.
Cross-reference invoices with purchase orders and delivery confirmations before payment.
Be suspicious of urgent payment requests or threats about late fees and service interruption.
Train accounts payable staff to recognize invoice fraud tactics through regular simulations.
How Marulk Helps
Marulk's phishing simulations train your team to recognize invoice fraud and other threats through hands-on experience. When someone encounters a simulated attack, they get instant micro-training explaining what they missed.
Frequently Asked Questions
How common is invoice fraud?
Invoice fraud is one of the most common types of business fraud. It affects organizations of all sizes, but small businesses are particularly vulnerable because they may have fewer verification controls and smaller finance teams.
How do attackers know who our vendors are?
Attackers gather this information through various means: compromised email accounts that reveal vendor relationships, public records, social engineering calls to your company, or even information shared on social media and company websites.
Can I recover money lost to invoice fraud?
Recovery is difficult but not impossible if you act quickly. Contact your bank immediately if you discover a fraudulent payment. The faster you act, the better the chances of stopping or reversing the transfer before funds are moved.
What should our verification process look like?
At minimum: verify any payment information changes through a phone call to a known number, not the contact details in the email. For larger payments, require dual authorization. For new vendors, verify business legitimacy before making any payments.
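The controls listed under "How to Protect Yourself" and in the answer above, written out as a pre-payment check an accounts payable system could run before releasing funds. This is an added example, not Marulk's code: the vendor master record, purchase order, invoices, IBANs and the dual-authorization threshold are all constructed for illustration.

```python
from dataclasses import dataclass
from difflib import SequenceMatcher
from typing import List, Optional

DUAL_AUTH_THRESHOLD = 10_000.0  # assumed policy threshold, not a figure from the page

@dataclass
class Vendor:  # master record; bank details were verified out of band when set up
    email_domain: str
    iban: str

@dataclass
class Invoice:
    vendor: str
    sender_domain: str
    iban: str
    amount: float
    po_number: Optional[str] = None
    urgent: bool = False  # message pressures for immediate payment (late fees, cut-off)

# Constructed sample master data: vendor name -> record, PO number -> (vendor, amount).
VENDORS = {"Acme Supplies": Vendor("acme-supplies.com", "GB00EXMP00000001")}
OPEN_POS = {"PO-1001": ("Acme Supplies", 4200.00)}

def check_invoice(inv: Invoice) -> List[str]:
    """Return the reasons an invoice must be held; an empty list means it clears every control."""
    findings = []
    vendor = VENDORS.get(inv.vendor)
    if vendor is None:
        return ["unknown vendor: verify business legitimacy before any payment"]
    if inv.sender_domain != vendor.email_domain:  # spoofed or lookalike sender domain
        similar = SequenceMatcher(None, inv.sender_domain, vendor.email_domain).ratio() > 0.8
        findings.append(("lookalike" if similar else "unexpected") + f" sender domain {inv.sender_domain}")
    if inv.iban != vendor.iban:  # changed bank details: the core of payment diversion
        findings.append("bank details differ from vendor record: confirm by phone on the known number")
    po = OPEN_POS.get(inv.po_number)  # cross-reference with a purchase order
    if po is None:
        findings.append("no matching purchase order")
    elif po[0] != inv.vendor or abs(po[1] - inv.amount) > 0.005:
        findings.append("purchase order vendor or amount mismatch")
    if inv.amount >= DUAL_AUTH_THRESHOLD:
        findings.append("dual authorization required above threshold")
    if inv.urgent:
        findings.append("urgency or late-fee pressure: treat as a fraud indicator")
    return findings

# Constructed invoices: legitimate, intercepted-and-altered, and a fake overdue notice.
GOOD = Invoice("Acme Supplies", "acme-supplies.com", "GB00EXMP00000001", 4200.00, "PO-1001")
ALTERED = Invoice("Acme Supplies", "acme-suppIies.com", "LT00ATTK00000009", 4200.00, "PO-1001")
FAKE_OVERDUE = Invoice("Acme Supplies", "acme-supplies.com", "GB00EXMP00000001", 15000.00, urgent=True)
```

Any non-empty result should route the invoice to a human who confirms by phone on the number already on file, never on a number taken from the invoice or the email.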
Related Security Topics
Business Email Compromise (BEC)
Business Email Compromise (BEC) is a type of scam where attackers impersonate executives or trusted partners to trick employees into transferring money or revealing sensitive information. It's one of the most financially damaging cybercrimes.
Pretexting
Pretexting is a social engineering technique where attackers create a fabricated scenario (the 'pretext') to trick victims into providing information or taking actions they normally wouldn't. It's the foundation for many phishing and fraud attacks.
Spear Phishing
Spear phishing is a targeted phishing attack that uses personal information about the victim to appear more convincing. Unlike mass phishing, attackers research their targets to craft believable messages.
Industries Most Affected by Invoice Fraud
While all organizations face these threats, some industries are particularly targeted.
Construction Companies
Large payments, multiple subcontractors, and fast-paced projects make construction companies prime targets for invoice fraud and business email compromise.
Manufacturing Companies
Manufacturing operations depend on complex supply chains and large payments. Phishing attacks targeting accounts payable and procurement can disrupt production and drain finances.
Accounting Firms
Accounting firms handle sensitive financial data daily, making them prime targets for cybercriminals. Train your team to spot phishing attempts before they compromise client trust.
Train Your Team to Recognize Invoice Fraud
Knowledge is the first step. Practice makes it stick. Marulk's phishing simulations give your team hands-on experience recognizing invoice fraud and other social engineering attacks.