Typical red flags
Invoice fraud hides inside normal business operations, so changes to the usual payment process deserve attention.
- A vendor suddenly changes bank account or routing details.
- The sender's email domain is misspelled or a lookalike, or the message comes from a personal account.
- The request pushes for a same-day wire, ACH, crypto, or payment app transfer.
- The sender asks to bypass purchase orders, approvals, or callbacks.
- Invoice numbers, amounts, due dates, or wording differ from prior invoices.
- Attachments or links require login to view payment details.
- The email style feels different from the usual vendor or executive.
What to do if you already fell for it
Wire and ACH fraud can move fast, so escalate immediately.
- Contact your bank or payment provider immediately and request a recall or fraud hold.
- Call the real vendor using a known number, not the number in the email.
- Preserve the invoice, email headers, attachments, bank details, and internal approvals.
- Notify finance, IT, legal, and leadership if business accounts may be compromised.
- Change passwords and revoke sessions for involved email accounts.
- Report the incident to law enforcement or a cybercrime reporting channel.
- Require out-of-band verification for all future payment changes.
Example: vendor bank change
Input
Our accounts team changed banks this week. Wire the attached invoice balance to the new account today.
What to notice
- The message changes payment instructions and creates urgency.
- Bank changes should be verified through a known contact channel.
- BEC attacks often use real invoice context with altered destination details.
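The red flags and the bank-change example above can be expressed as a small triage check. This is an added example, not ScamSpot's own code; the vendor domain, free-mail list, keyword patterns, and function names are assumptions constructed for illustration.

```python
import re

# Assumption: known-good domains come from the vendor master file (constructed here).
KNOWN_VENDOR_DOMAINS = {"acme-supplies.example"}
FREE_MAIL = {"gmail.com", "outlook.com", "yahoo.com"}
RULES = {  # hypothetical keyword patterns, one per red flag on this page
    "bank_change": re.compile(r"\b(changed banks?|new (bank )?account|updated (bank|routing|payment) details)\b", re.I),
    "urgency": re.compile(r"\b(today|same[- ]day|immediately|urgent(ly)?|asap)\b", re.I),
    "bypass_controls": re.compile(r"\b(skip|bypass|no need for)\b.{0,40}\b(purchase order|po|approvals?|callbacks?)\b", re.I),
}

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss vendor domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def sender_flag(sender):
    """Classify the sender's domain against the vendor master file."""
    domain = sender.rsplit("@", 1)[-1].lower()
    if domain in KNOWN_VENDOR_DOMAINS:
        return None  # not proof of legitimacy: a real mailbox can be compromised
    if domain in FREE_MAIL:
        return "personal_account"
    if any(edit_distance(domain, d) <= 2 for d in KNOWN_VENDOR_DOMAINS):
        return "lookalike_domain"
    return "unknown_domain"

def red_flags(sender, body):
    """Return the list of red flags raised by one message."""
    flags = [name for name, rx in RULES.items() if rx.search(body)]
    s = sender_flag(sender)
    return flags + ([s] if s else [])

def needs_callback(flags):
    # Any payment-detail change goes to out-of-band verification, even from a known domain.
    return "bank_change" in flags

# Constructed sample: the message text from the example above.
SAMPLE = ("Our accounts team changed banks this week. "
          "Wire the attached invoice balance to the new account today.")
if __name__ == "__main__":
    print(red_flags("billing@acme-supplles.example", SAMPLE))
```

A message from the genuine vendor domain still triggers the callback requirement, because keyword and domain checks cannot tell a compromised mailbox from a legitimate one.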
Invoice fraud FAQ
What is BEC?
Business email compromise is a scam where attackers impersonate or compromise business email accounts to redirect payments, steal data, or approve fraudulent transfers.
How should a bank-detail change be verified?
Call a known contact using a phone number from existing records, not one from the email. Require a second approval for payment changes.
Can a real vendor mailbox be compromised?
Yes. Even a legitimate email account can send fraudulent payment instructions if it has been compromised.
What should I paste into ScamSpot?
Paste the invoice email, bank-change request, payment instructions, or executive approval request. Remove private account numbers where possible.