THREAT GUIDE

Fake Invoice Scams

Fraudulent invoices from non-existent suppliers slip through during high-volume processing. They look right, they reference real services, and they get paid.

$11.8M in business losses (2023)
+37% year-on-year

How fake invoice scams work

Unlike BEC attacks that hijack existing supplier relationships, fake invoice scams create entirely fabricated ones. The scammer sends an invoice from a company that doesn't exist (or one that vaguely resembles a real supplier) and hopes it gets processed without question.

These scams are especially effective against businesses that process large volumes of invoices. When your AP team is processing hundreds of invoices a month, a single fake one that looks plausible can easily slip through.

The sophistication is increasing. Modern fake invoices include valid-looking ABNs (sometimes real ABNs of unrelated businesses), professional formatting, and references to services that sound plausible. Some even follow up with phone calls to "confirm" the invoice.

Common fake invoice tactics

Scammers use several proven tactics to get fraudulent invoices paid.

The phantom supplier

An invoice arrives from a company you've never dealt with, billing for vague services like 'consulting', 'advertising', or 'directory listing'. It's generic enough to seem plausible.

The near-miss supplier

The scammer creates a company name almost identical to a real supplier, like 'Australian Office Solutions' instead of 'Australian Office Supplies'. Close enough to pass a quick glance.

The high-volume blend

Invoices are sent during end-of-month or end-of-quarter processing when AP teams are under pressure. A $2,000-$5,000 invoice can easily blend into a batch of hundreds.

The renewal scam

Fake invoices for 'domain renewals', 'listing fees', 'subscription renewals', or 'licence fees' that look like routine costs no one thinks to question.

The follow-up call

After sending the invoice, the scammer calls to "follow up", adding legitimacy and creating urgency. "Just checking that our invoice has been received for the next payment run."

The internal impersonation

The invoice arrives with an email that appears to come from an internal department or manager: "Please process this invoice, already approved by [executive name]."

Red flags to look for

While some fake invoices are sophisticated, many have tells that a trained eye (or automated verification) can catch.

No purchase order or reference to an agreed engagement
Vague service descriptions that could apply to any business
Slightly different company name from a real supplier
Bank details that don't match any existing supplier records
Round dollar amounts (e.g. $5,000 instead of $4,872.50)
Pressure to pay before a specific date without prior agreement
Invoice sent from a generic email domain (gmail, outlook)
ABN that doesn't match the company name on the ASIC register
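
Several of the red flags above can be checked mechanically before an invoice reaches a payment run. The following is an added example, not ezyshield's code: the supplier records, invoice fields, the 0.80 name-similarity threshold and the "multiple of $100" test for round amounts are all assumptions made for illustration.

```python
from decimal import Decimal
from difflib import SequenceMatcher

# Constructed supplier master file (placeholder bank details, not real accounts).
SUPPLIERS = [
    {"name": "Australian Office Supplies", "bsb": "000-000", "account": "11112222"},
    {"name": "Harbour Freight Logistics", "bsb": "000-001", "account": "33334444"},
]
GENERIC_DOMAINS = {"gmail.com", "outlook.com"}
NEAR_MISS_RATIO = 0.80  # assumed threshold; tune against your own supplier list

# Constructed invoices: one tripping several flags, one routine.
SUSPECT = {"supplier_name": "Australian Office Solutions", "po_number": None,
           "bsb": "000-009", "account": "99998888", "amount": "5000.00",
           "sender_email": "accounts.aos@gmail.com"}
ROUTINE = {"supplier_name": "Australian Office Supplies", "po_number": "PO-1042",
           "bsb": "000-000", "account": "11112222", "amount": "4872.50",
           "sender_email": "accounts@supplier.example"}


def _norm(name):
    """Case-fold and collapse whitespace so formatting differences don't matter."""
    return " ".join(name.casefold().split())


def red_flags(invoice, suppliers=SUPPLIERS):
    """Return the red flags from the list above that this invoice trips."""
    flags = []
    name = _norm(invoice["supplier_name"])
    known = {_norm(s["name"]) for s in suppliers}
    if not invoice.get("po_number"):
        flags.append("no_purchase_order")
    if name not in known:
        # Near-miss: not an exact match, but very close to a real supplier name.
        for k in sorted(known):
            if SequenceMatcher(None, name, k).ratio() >= NEAR_MISS_RATIO:
                flags.append("near_miss_name:" + k)
                break
    banks = {(s["bsb"], s["account"]) for s in suppliers}
    if (invoice["bsb"], invoice["account"]) not in banks:
        flags.append("unknown_bank_details")
    if Decimal(invoice["amount"]) % 100 == 0:
        flags.append("round_amount")
    if invoice["sender_email"].rsplit("@", 1)[-1].lower() in GENERIC_DOMAINS:
        flags.append("generic_email_domain")
    return flags
```

An ABN-to-name mismatch is not covered here because it needs a lookup against the register; flagged invoices should go to manual review rather than be rejected automatically.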

How ezyshield catches fake invoices

A fake invoice can't survive verification. If the person, business, or bank account doesn't check out, the payment doesn't go through.

ABN validation

Every payee's ABN is checked against the Australian Business Register in real time. Fake businesses don't have valid ABNs, and mismatched ABNs are flagged immediately.

Bank account ownership

ezyshield confirms the bank account is actually owned by the business on the invoice. A scammer's bank account won't match the ABN holder, and verification fails.

New supplier verification

First-time payees go through full Payment Identity Verification: biometric, ABN, and bank account. There's no way for a phantom supplier to pass.

Stop paying invoices that shouldn't exist

ezyshield verifies every payee before money moves. Fake suppliers can't pass.