Wholesale Banking

How to reduce invoice fraud risk

26 November 2025

Reading time: 3 min

Invoice fraud is one of the most common and effective tactics used by fraudsters to exploit business processes. It typically involves redirecting payments by requesting changes to beneficiary account details or sending fake invoices. Because these scams are relatively easy to execute and carry minimal risk for the fraudster, they remain a popular method of attack. That’s why it’s crucial to stay vigilant—especially when handling requests to update payment information.

What happens during invoice fraud?

  • As the invoice recipient, you will receive a phone call from the fraudsters pretending to be the invoice issuer, saying that their banking details have changed.
  • The fraudsters will request that you make payments to their “new account”. The request often sounds very convincing.
  • It is highly likely that the following invoices will also be paid to the fraudsters’ accounts until the real issuer of the invoice realises that their invoices are not paid and contacts you.

Variants of invoice fraud

  • Email hack: the fraudsters will hack into the email server of the invoice issuer and send an invoice from their email address, making it virtually impossible for the invoice recipient to identify that it is a request from the fraudsters.
  • Lookalike domain: the fraudsters will create a very similar email domain to confuse the recipient. For instance, can you spot the difference between example@lng.com and example@ing.com? Or between business-banking@abc.com or businessbanking@abc.com?
  • Spoof call: Most of the phones today have the caller ID function. But it is possible for fraudsters to “spoof” the caller ID information. The fraudsters will call the invoice recipient with a spoofed phone number after sending a fake invoice, making the recipient believe that they are already in contact with the real invoice issuer, thus a call-back procedure is unnecessary. That is exactly what the fraudster is aiming for. Always call back your invoice issuer on the pre-arranged number.

What precautions can you take?

As an invoice recipient:

  • Validate the invoice: check whether you expect the invoice for this amount and check if the issuer’s details are unchanged compared with previous payments.
  • When you receive a change request, check the spelling and layout. Many fraudsters make small errors and inconsistent visual alterations that will give them away.
  • Make a phone call to a pre-arranged number to check the validity of the change request. Do not use the number indicated on the request itself or rely on being called by the invoice issuer because you see it on the caller ID. Always call back.
  • If you have too many invoice issuers to call back, install call back procedure for the top 10 largest ones to reduce the impact.
  • If you do not have a pre-arranged number to call, you can use public sources such as Google to look up the phone number of your issuer.
  • Be extra careful if you are asked to update the pre-arranged phone number.

As an invoice issuer:

  • Educate your recipients to always call you back in case of any change request or doubt about the legitimacy of an invoice.

A short phone call can save a lot of money: trust but verify.  

Learn more about fraud prevention

Go to our banking safely page