Business email compromise is a type of fraud that has increased drastically over the years. The best way to protect yourself from invoice fraud? Learn to recognize common red flags.

With 6.5 billion fraudulent emails sent daily, it’s no wonder that 92% of companies were targeted by email attacks in the past year. Business email compromise is a type of email phishing attack that increased in frequency by 100% between 2018 and 2019, and companies have reported $12.5 billion in losses because of it over the past five years.

Scammers use phishing emails to perpetrate different types of fraud, and invoice fraud is one of the costliest.

Recent news stories reveal that no organization is too large or too small to be a victim. Individuals have recently been targeted through a series of fraudulent PayPal invoices that spoof legitimate donations for causes like COVID-19 relief or the California Wildfires. Tech giants have also fallen victim to vendor fraud, with Amazon itself paying as much as $19 million for goods they didn’t order and never received.

The best way to protect yourself from invoice fraud? Learn to recognize the following red flags.

1. Vendor Information

Not all fake invoices come from vendors you don’t know. An employee, vendor or scammer who gains access to your data can craft fraudulent invoices with the name of a vendor you will recognize.

Checking the other company information can help you identify invoice fraud. For example:

  • The address and phone number listed on the invoice might not exist.
  • The invoice might not have an address listed, or show only a PO box.
  • The address might be different from the vendor’s legitimate address.

Checking vendor information is easier if you have a list of approved vendors. You can also call a vendor if you have doubts or verify the address and existence of the company with the Better Business Bureau or your state Attorney General’s office.

2. Common Invoice Categories

Scammers know they have a better chance of extorting money if they submit an invoice for goods or services your organization is likely to use. Common fraudulent invoice categories include printing supplies, business directory services, and web domain renewals.

How Can You Tell if an Email is Fake?

Diverting payroll funds is an increasingly common scam. Proceed with caution if you receive emails that seem to come from employees asking to update personal information or bank details. This information may include your email account, bank account number, direct deposit information, etc.

Note that some fraudsters are more sophisticated and will study your business to send fake email invoices for goods and services you have used in the past instead of in these common categories.

3. Frequency

Spotting invoice fraud is easier if you keep track of payment frequency for two reasons:

  • A fraudulent invoice might not match the usual date or frequency even though the other details check out.
  • Double billing is a type of scam in which a vendor or employee submits an invoice you’ve already paid. You can usually spot double billing if you check invoices you paid recently.

4. Location

An out-of-state address or PO box can be a red flag. Using out-of-state vendors makes sense for some goods and services, but it can indicate a fraudulent invoice if you’re billed for a service the vendor would have to perform in person.

5. Cost

Cost can be a red flag if the amount of the invoice differs from what you usually spend on the goods or services listed. A smaller invoice amount could be an attempt to avoid raising suspicion. Don’t hesitate to spend more time on an invoice that’s just below the amount you would normally scrutinize.

6. Sender’s Address and Content of the Email

Pay close attention to the email address of the sender. It might be unfamiliar or might closely resemble a legitimate vendor address. 

The content and subject line of the email can also be a warning sign. Vendor fraud emails sometimes convey a sense of urgency and might lack information about the vendor or invoice terms.

7. Purchase Order Numbers

Billing for things you didn’t order is a common scamming tactic. Always make sure the purchase order numbers on the invoices you receive match your records. A fraudulent invoice might not have a purchase order number or its number might not exist in your records, unless you’re dealing with a double billing scheme.

8. Order Details

What are you being billed for? Some fraudsters use vague terms, like “service requested.” A fraudster might bill you for larger quantities of goods than you actually received, or for more than the agreed-upon price.

9. Gut Feeling

Accounts payable professionals can sometimes tell that something is off about an invoice. Some scams are not carefully crafted and lack details like tax information, dates, or payment terms. You might notice spelling errors, and the file format for the invoice might be unusual, like a Word document.

Some fake invoices are easy to spot, but that’s not always the case. Adopt a standard set of procedures for verifying and approving invoices instead of relying solely on your ability to notice red flags.

How to Stop Fraudulent Invoices from Reaching Your Inbox

You can take additional steps to protect your organization from invoice fraud with’s free Email Shield, with supported Outlook 365 integration. It leverages the full strength of the fraud prevention platform, comparing senders with a list of trusted contacts and blocking emails according to customizable rules. It also provides you with risk scores to help you spot potentially fraudulent emails. Click here to learn more about Email Shield, or’s broader capabilities to fight invoice fraud here.