Cyber Doc logo Cyber Doc
Cybersecurity Term

What is invoice fraud?

Fraudulent invoices or bank-detail changes designed to redirect legitimate payments.

Email & Fraud Last reviewed: 2026-05-20

← Back to Learn Centre

What is invoice fraud?

Invoice fraud happens when an attacker tricks a business into paying a fake invoice or changing legitimate supplier banking details to an attacker-controlled account.

Simple example

A business receives an email saying a supplier’s bank account has changed, but the request actually came from an attacker.

Why it matters

Invoice fraud can cause direct financial loss and is often linked to compromised or impersonated email accounts.

Common warning signs

  • The activity is unexpected or unusual for the business context.
  • The request or system behaviour creates pressure to act quickly.
  • Normal approval, verification, or security processes are bypassed.
  • There are signs of unauthorised access, data exposure, or system change.
  • Staff are unsure whether the request, message, or system behaviour is legitimate.

Cyber Doc view

This term should be understood in business context, not only as a technical issue. Good protection usually combines clear processes, appropriate technical controls, staff awareness, and a calm response plan.

What to do

Proactive steps

  • Verify bank detail changes by phone using known contact numbers.
  • Separate invoice approval from payment release.
  • Use supplier onboarding and change-control processes.
  • Train finance staff to treat urgent payment changes with caution.
  • Limit who can approve supplier banking changes.

Reactive steps

  • Stop or recall the payment if possible.
  • Contact the bank immediately.
  • Contact the real supplier using trusted details.
  • Preserve the invoice, emails, and payment records.
  • Investigate whether a mailbox or supplier account was compromised.

Related terms

  • Business email compromise
  • Spear phishing
  • Payment redirection fraud