Beat the Scam Scam checks, alerts, and consumer protection guides
Home / Guides / Payment Scams / Invoice Fraud UK: How Businesses Fall Victim and How to Stop It
Payment Scams

Invoice Fraud UK: How Businesses Fall Victim and How to Stop It

Criminals are sending fake invoices to your business right now — here's how to catch them before your finance team pays.

Published 2026-04-30 · Beat the Scam Editorial Team · 7 min read

invoice fraud UKfake invoice scambusiness invoice fraudsupplier impersonation fraudinvoice payment scam
Key rule: verify through an official route you opened yourself, not the link, number, app, or payment details supplied by the suspicious message.
On this page
  1. What is this scam?
  2. Warning signs to look for
  3. How this scam works step by step
  4. How to verify if it is genuine
  5. What to do if you have already interacted
  6. Reporting this scam in the UK

What is this scam?

Invoice fraud is a targeted payment scam where criminals send fake invoices to UK businesses, either impersonating an existing trusted supplier or creating entirely fictitious vendors. The scammer's goal is simple: trick your finance department into paying money that goes straight into their bank account instead of the real supplier. Unlike mass phishing emails, invoice fraud is often carefully researched. Scammers study your business, identify your genuine suppliers, and craft invoices that look legitimate enough to pass a quick check. They might change a supplier's bank details by just one digit, intercept genuine supplier emails to insert their own payment instructions, or send invoices from addresses that look almost identical to the real thing (like 'supplie' instead of 'supplier'). The damage is substantial: when a business discovers the fraud weeks or months later, the money is usually gone, and relationships with suppliers are damaged.

Warning signs to look for

  • The invoice comes from an unfamiliar email address or domain, even if it claims to be from a known supplier — always check the full email address, not just the display name.
  • Bank details on the invoice differ from previous invoices from the same supplier, or you receive a separate 'urgent update' email with new payment instructions.
  • The invoice requests payment to a personal bank account, a different company name, or an overseas account when the supplier normally receives payments in their registered business account.
  • Invoicing amounts or payment terms are significantly different from the supplier's usual pattern, or the invoice arrives outside normal ordering cycles.
  • The email has poor grammar, spelling mistakes, or unusual formatting — particularly in header information or company details.
  • There's artificial urgency: phrases like 'payment needed immediately' or 'please process today' without a clear business reason.
  • The supplier's logo, letterhead, or company details look slightly off or low-quality compared to previous genuine invoices.
  • You receive the invoice through an unexpected channel — a personal email, WhatsApp, or an unsecured messaging app rather than your normal supplier communication method.

How this scam works step by step

The invoice fraud scam typically unfolds in stages. First, the criminal researches your business: they identify your genuine suppliers, find your company's email structure, and study your payment processes. They might use LinkedIn, Companies House records, or publicly available invoices to gather information. Next, they create a fake invoice using information copied from your real supplier's previous invoices — payment terms, descriptions, company numbers — making it look authentic. The criminal sends this invoice directly to your finance team's inbox, or sometimes to a general business email address, designed to slip past quick checks. They may impersonate the supplier's email address by registering a near-identical domain or by hacking the supplier's actual email account. Some criminals intercept genuine supplier emails and add their own payment instructions before forwarding them on. Your finance team, trusting the familiar supplier name and invoice format, processes payment without verification. By the time anyone notices — when the real supplier asks why payment wasn't received or your team spots a duplicate invoice — the money has been transferred to the scammer's account, often overseas, making recovery extremely difficult.

How to verify if it is genuine

Never rely on the email address shown on an invoice. Always verify supplier details using independent contact information. Call your supplier directly using a phone number from your records or their official website — not a number provided in the suspicious email. Ask them to confirm they've sent the invoice and that the bank details are correct. For new suppliers, request invoices only from verified email addresses and check Companies House to confirm their registered bank details. Implement a two-person approval system where one person verifies the supplier independently before a second person authorises payment. Check your purchase order system: does this invoice match a PO your team actually raised? Compare the bank details, VAT number, and company address with previous invoices from the same supplier. Be especially cautious if you're told to pay to a 'new account' or 'temporarily different details' — this is a common scam tactic. Look at our guide on how to check if a website or business is legitimate for more verification steps.

What to do if you have already interacted

If you've made a payment to an invoice you now suspect is fraudulent, act within hours — the faster you respond, the better your chances of recovery. First, immediately contact your bank and report the fraud. Most banks can freeze transfers within 24 hours if they're still processing. Provide your bank with the recipient's account details, the amount, and the date of transfer. Next, contact the real supplier to confirm you were scammed and explain the situation. Ask them to contact their own bank to flag the fraudulent account. Report the fraud to Action Fraud (0300 123 2040) — this creates an official record and helps law enforcement. Also report to the NCSC if the fraud involved email compromise. In parallel, check your email and your supplier's email for signs of account compromise. Change passwords for any supplier accounts you access and enable two-factor authentication. Implement immediate controls: all future invoices must be verified by phone call before payment, and temporarily suspend payments to suppliers unless explicitly requested via a phone call using known contact details.

Reporting this scam in the UK

UK businesses should report invoice fraud to Action Fraud immediately on 0300 123 2040 or via their online report at actionfraud.police.uk. Action Fraud forwards reports to the National Fraud Intelligence Bureau and creates official records that help identify patterns and organised fraud networks. If the scam involved email account compromise or a fake website, also report to the National Cyber Security Centre (NCSC) Suspicious Email Reporting Service at report@phishing.gov.uk — include the full email headers and any URLs used. Contact your bank's fraud team directly; many banks have dedicated business fraud teams that work closely with Action Fraud. If you suspect the scammer used a hacked email account, report the compromised email address to the NCSC as well. Consider alerting your genuine suppliers and other businesses in your sector — they may be targeted next. For financial loss and guidance, the Citizens Advice consumer helpline (0808 223 1133) can advise on next steps. Keep detailed records of all communications, emails, bank statements, and timestamps for any investigation.

Frequently asked questions

Is my supplier's business legitimate, or could they be part of the scam?

Your supplier is almost certainly legitimate — invoice fraud works by impersonating genuine, trusted suppliers. The real supplier had no knowledge of the fake invoice and is likely a victim too if their email or identity was compromised. Always assume the supplier is genuine unless you have direct evidence otherwise, and contact them by phone using their official number to verify.

I've already paid the fraudulent invoice. Can I get my money back?

Contact your bank immediately — if the transfer is still processing (usually within 24 hours), your bank may be able to recall or freeze it. Once the money reaches the scammer's account, recovery is much harder but not impossible. Your bank may work with the receiving bank to recover funds. Report to Action Fraud and your local police force. If significant sums are involved, consider instructing a solicitor. Recovery can take months or years, but many cases succeed if reported quickly.

How can I tell if an email claiming to come from my supplier is actually impersonated or hacked?

Check the full email address carefully — scammers often use domains that look similar but have one letter different (like 'supplie.com' instead of 'supplier.com'). Call your supplier directly on their official phone number to ask if they sent the email. If their email account is hacked, legitimate emails may have subtle signs like unusual tone, requests for new payment methods, or being sent outside working hours. Ask your IT team to check email headers to see the true origin of the message.

Who do I report invoice fraud to in the UK and what happens next?

Report to Action Fraud (0300 123 2040 or actionfraud.police.uk) — this is the official reporting channel for fraud in the UK. Also report to the NCSC at report@phishing.gov.uk if email compromise was involved. Your report helps build intelligence about organised fraud networks. Action Fraud will send you a crime reference number for your insurance claim. Larger cases may be investigated by specialist fraud teams, though resource constraints mean smaller reports may not receive active investigation — but reporting still creates an official record and helps protect other businesses.

Think you’ve spotted a scam? Use the AI scam checker for an instant analysis, or report it to Action Fraud.