Invoice fraud and billing scams: What they are and how to help protect yourself

Estimated reading time
 6 min

Key points

• Invoice fraud occurs when a criminal modifies or fakes an invoice for you, your business, or a vendor, hoping you will mistakenly pay it.
  
  
• Some of the red flags of invoice fraud include details that don’t match, such as the name on the invoice and the email address, receiving an unexpected invoice for a service you never requested, or pressure to pay the invoice immediately even if it is the first time you’ve seen it.
  
  
• Help protect yourself and your business by always verifying payment and sender details, keeping your software and devices up to date, training your staff, and more.

video

Invoice fraud and billing scams are prevalent in Australia - costing Australians over $152 million in 2024 alone. ¹

As more of our day-to-day admin is done online, verifying invoice details is essential for businesses and individuals alike. Scammers can capitalise on a lack of vigilance to trick you into paying a fake or modified invoice.

“Cybercriminals are opportunistic,” says Victor Mangos, ANZ’s Product Area Lead in Cyberfraud. They cast a wide net to see “which businesses [or individuals] will bite.”

When they “realise there are high values to play with” adds Sean Byrne, ANZ Business Manager in Cyberfraud, they invest “time and effort to try and target bigger payments.”

What are invoice fraud and false billing scams? 

Invoice fraud, false billing, and payment redirection scams share the same theme. At their core, these scams happen when a scammer impersonates a legitimate company that you or your business have previously dealt with and could also fall under the banner of business email compromise. The scammer might send an invoice with altered payment details from a business’ compromised email account – because someone unknowingly installed malware onto a work device. Or the scammer might send your business an email that looks like it’s from a legitimate company. So, you might pay the scammer instead of a supplier.

The scammers might gain access to a business’ system through a phishing link or remote access scam. They trick you into downloading malware, giving them access to your device, computer network, and files. They can then take their time to identify high-value invoices and wait for you to send them before they strike.

Another way these criminals run these scams is by sending an unexpected email with an invoice attached under the guise of a trusted, well-known business. The body of the email might say, ‘Your subscription is about to expire. Pay the attached invoice now to renew it for another year’, even if you didn’t sign up for the service in the first place.

How invoice fraud and billing scams work 

An intercepted and modified invoice

If a cybercriminal has compromised your email or the account of a business you work with, they might wait until you (or the business) send an invoice for a large sum of money.

“The cybercriminal might intercept the invoice and change the account payable details to their own,” explains Sean. “For example, if you’ve hired a builder and the scammer has compromised their email, they can use the builder’s account to intercept and modify the invoice with new payment details.”

Here’s a breakdown of how this type of invoice fraud might happen:

1. The scammer compromises your email account
2. They wait for you to send an invoice to another business.
3. The scammer intercepts the invoice and alters the bank account details – they may also increase the amount payable.
4. They forward the modified invoice to the intended recipient.
5. The recipient unknowingly pays the scammer, thinking it’s a legitimate transaction.

Unexpected invoice for unpurchased goods or services

You might receive an email from a well-known business with an attached invoice and/or link. It may claim you need to pay for a product or renew a subscription. But here’s the catch - you never signed up for it.

Cybercriminals impersonate trusted brands and send phishing emails with fake invoices to trick you into paying for something you didn’t buy.

How can you try to spot invoice fraud?

Fake invoices can sometimes be hard to spot. Here are some invoice fraud red flags you can look for:

• The email address doesn’t match the business, or it looks different from previous communications. 
  For example, the name of the business may say ‘ANZ’ but the email the invoice comes from is ‘a-nz.comau’. Alternatively, the legitimate email could be ‘hello@anzbank.com.au’ but the invoice is sent from ‘ hello@anz-bank.com.au’.
  
  
• The payment details provided by the business don’t match previous invoices you've received or are different from the information in your system.
  
  
• You receive an unexpected invoice for services you didn’t pay or sign up for. There’s a sense of urgency to pay the invoice in the email to restore your subscription or service, regardless of whether you signed up for it.
  
  
• The sender pressures you to pay immediately or threatens you with legal action if you don’t comply. While a payment deadline is standard with invoices, same-day payments or threats aren’t.
  
  
• There are suspicious links or attachments in the email that the sender encourages you to click on or download.

How to help protect yourself or your business from invoice fraud

Here are some simple steps you can take to help protect yourself (or your business) from false billing scams:

• Compare the email and the suspected fake invoice with a genuine one. Look for any discrepancies in the message or invoice, such as variations in payment methods or banking details.
  
  
• Train your staff about this type of fraud (and others), providing clear steps to avoid it.
  
  
• Contact the business you’re dealing with using a phone number you have sourced independently. For example, you might have a business card, or you can search for their number online. Don’t use the contact information provided in the invoice or email.
  
  
• Update all your devices and software to the latest version. This can help address weaknesses and make it harder for cybercriminals to get into your devices and accounts.
  
  
• Pause before you make a payment or respond to the email. Take the time to verify the sender’s information and check that their request is legitimate.

What can you do if you or your business has been targeted by invoice fraud?

• Contact your bank straight away if you have shared financial information or transferred money. If you are an ANZ customer, contact us immediately to report the fraud.
  
  
• If you shared credit card details, ‘block’ or cancel those cards immediately. If your cards are with ANZ, you can report the stolen card through the ANZ app or by calling us. 

Who can you contact if you’ve been targeted by invoice fraud?  

• Report the scam to the Australian Signals Directorate’s ReportCyber portal. This resource is there for reports of scams where money or personal information has been lost.
  
  
• Help others by reporting to Scamwatch to help them prevent future losses, monitor trends and educate the population about emerging threats.
  
  
• Contact your bank immediately if you share personal or financial information.
  
  
• If you’re an ANZ customer, you can report fraud or suspicious activity in multiple ways, such as through the ANZ app or by calling us