Skip links

Accounting redirect scams are one of the biggest financial threats to organizations today. This form of cyber-attack occurs when a fraudster poses as a company supplier over email. In their message, they’ll tell you that their payment details have recently been updated and provide you with new billing information to defraud your company.

You might think you’d be able to spot a fake invoice over email – but it’s not so simple. Recent research shows that 30% of businesses will fall for accounting redirect scams. And that number is rising year on year.

To help you protect your organization from this threat, we’ll explore how accounting redirect scams work below, and provide must-know tips on how to spot fraudulent invoice emails.

How Big is the Accounts Payable Fraud Problem?

Accounts payable fraud has become more frequent and costly to the average business.  As scammers have learned the “tricks of the trade” they have been able to increase their success rate and thus the amount lost on average is increasing each year.  Big businesses like Facebook and Google have fallen victim to the tune of over one hundred million dollars, Diesel Jeans cited invoice fraud in their Chapter 11 bankruptcy filing, and the average small business stands to lose a significant amount of money should they fall for the scam.  Some police departments report that they regularly receive reports of losses in the $50,000 to $100,000 range and the scammers know that small businesses are easier targets

How Does Invoice Fraud Happen?

Not all invoice fraud scams are created equal. They vary from simplistic to extremely sophisticated.

The most basic scams involve a cybercriminal sending a look-alike invoice to your company, hoping that you will pay it without a second glance. They won’t even pretend to be a known supplier or personalize the email.  You’d be surprised how many businesses blindly accept and pay invoices for things like directory listings, online renewals, and expired licenses or certifications.

The next level-up is a more targeted scam. The fraudster will first research your company and your suppliers. From there, they’ll write a highly-personalized email, claiming to be a known supplier and demanding payment for their services. They may even use a spoofed email address, so that the email looks like it’s from a legitimate individual within your supplier’s organization.  The email will be strikingly similar to one you might normally receive but with a small change the domain name so that the replies and conversations go to the scammer instead of your legitimate supplier or partner.

Finally, the most sophisticated form of account redirect scam occurs when a hacker manages to break into a supplier or employee email account. With access to a legitimate email address, they can then request a payment, along with other sensitive information, in a highly-realistic way. These attacks are the trickiest to spot because you will be sending and receiving emails with the fraudster, who is in control of that email account.  You will likely receive correspondence about a legitimate invoice, or balance owing, making it very difficult to flag it as malicious.

Other Tactics Used By Invoice Fraudsters

In sophisticated invoice scams, fraudsters often do a lot of groundwork before they send the invoice request. They may use phishing tactics to contact various employees within your company, so that they can gain more information about your suppliers and processes. For example, a fraudster may try and discover who is responsible for making payments, the timelines for invoicing, and the typical cost of a supplier’s services.

All of this information helps the fraudster build an eerily realistic email when the time comes to send their fraudulent invoice. They want to trick you into believing you’re dealing with a legitimate supplier, so they can receive the payout.

In the worst case, you may not even realize you’ve been scammed until your real supplier starts chasing you for invoice payments!

A Checklist for Catching Invoice Fraud

The good news is that there are numerous actions you can take to prevent your organization from falling victim to invoice fraud, as outlined in our handy checklist:

  • If your supplier sends an email saying they’ve updated their payment details, call them to verify the change. Don’t use the number in the suspicious email, though. Use the one you already have in file.
    • You can take this a step further by assigning specific contact people within your organization and that of your supplier who are able to authorize these kinds of changes. Regardless, changing banking information should be done with extreme caution.
  • Be wary of any invoice or payment requests that seem unusually urgent or pushy.
    • Take note of the “tone”, grammar, spelling, and accuracy in the email. You know your suppliers and how they operate, an email that is out of the ordinary should be cause for concern.
  • Be careful about how you publicize your relationships with suppliers and customers on social media. Fraudsters often use this information as part of their scams.
    • Double check your webpage and ensure key staff’s email addresses are not public and educate your staff about what information can be shared on social media.
  • When you receive a new invoice, compare it to the previous ones you’ve received. Look for discrepancies in account details, the sender’s tone and the company logo.
  • Confirm a single point of contact at your supplier, who is the only one you discuss invoices with. Make sure to call them in the case of a suspicious email, as their account could be hacked!
    • Any banking information changes should require confirmation from more than one source at your supplier. Ideally, within your company there should also be at least two people who review the change request before finalizing it.  If something seems fishy, don’t make the change until you’re sure it’s legitimate.
  • If you ever receive an email from a partner asking for payment in cryptocurrency, it is also best practice to call and confirm before advancing the payment.
  • Train all your employees on the risks of accounting fraud, so they don’t accidentally fall for one of these scams.

What If You’ve Got A Suspicious Invoice In Your Inbox Right Now?

If you think you’ve accidentally paid a fraudulent invoice, contact us and your bank immediately.

We can help you recover as quickly as possible.

If there’s a suspicious email in your inbox and you’re not sure what to do, follow the steps above to verify the sender. We can also assist you by analyzing the email and blacklisting the sender’s email address if it is found to be fraudulent, so they don’t trouble you or your colleagues again.

Bolster Your Defenses Against Accounting Scams and Other Phishing Attacks!

Email scams like invoice fraud and phishing can strike at any time. With our next-generation cybersecurity solutions, we can help you to reduce the likelihood of these scams landing in your inbox. Plus, with 24/7 IT and cybersecurity support, we’re on hand to help you if you’re concerned about suspicious emails.

Jesse Hill


When you entrust your business to an I.T. company, it should be more than a contract – it should be a relationship built on the assurance that your I.T. advisors are ready to help in any situation. As the owner of Tier 3 I.T. Solutions, Jesse is familiar with key business operations and strives to assess challenges within businesses and find opportunities for growth. He has a constant curiosity and drive to help cut down on operations costs and take away the frustration of technology. Keeping his customers happy motivates him to develop detailed technological strategies to assist with business development. Jesse knows that technology isn’t the answer for every problem, and strives to bridge the gap between problem solving and implementation of best practices.