Learn / What to do if you've been hit by invoice fraud
Security

What to do if you've been hit by invoice fraud

Acting quickly gives you the best chance of limiting the damage. Here is what to do, in order.

Discovering you've paid a fraudulent invoice — or that someone has been impersonating your business — is stressful. Acting quickly gives you the best chance of limiting the damage. Here is what to do, in order.

1

If you've paid a fraudulent invoice — contact your bank immediately

Time is critical. Fraudsters move funds quickly, often through multiple accounts. The sooner your bank knows, the better the chance of stopping or recovering the payment.

Call your bank's fraud line directly — use the number on the back of your card or their official website, not a number from any email or invoice. Tell them you've been the victim of fraud and need to report an unauthorised payment. Ask them to raise a recall request.

Don't delay. A payment made on Friday that isn't reported until Monday has had the whole weekend to disappear. Call as soon as you realise what has happened, even outside business hours — most banks have 24-hour fraud lines.
2

Secure your accounts

If your email or invoicing account may have been compromised, change your passwords immediately — starting with your email account, since that's the master key to everything else. Then change passwords on your invoicing account, banking, and any other financial accounts.

Enable two-factor authentication on anything that doesn't already have it. Check your email account's recent login activity for unfamiliar devices or locations. If you see any, remove them.

If you use the same password anywhere else, change those too. Data from one breach is frequently used to access other accounts — this is called credential stuffing.

3

Report the fraud to the relevant authority

Reporting doesn't just help your own case — it helps authorities track patterns and protect others. Report to:

4

If someone is impersonating your business — warn your clients

If you discover that fraudsters are sending fake invoices in your name or using your branding to deceive your clients, contact your clients directly and promptly. Use an email address and phone number they already know and trust.

Tell them clearly: what happened, what to look for, and that they should contact you directly if they receive anything unexpected. Giving them a specific way to verify genuine invoices from you — such as confirming by phone before paying anything above a certain amount — will help prevent anyone being caught out.

5

Understand how it happened so you can prevent it

Once the immediate situation is under control, work out how the fraud occurred. Common entry points include:

  • A compromised email account — used to intercept or send emails in your name
  • A phishing email you clicked — capturing your login credentials via a fake login page
  • A reused or weak password — obtained from a previous data breach on another site
  • A supplier whose systems were compromised — their email was used to send you a fraudulent invoice

Identifying the entry point lets you close it and tells you what else might have been exposed. If you're unsure, a local IT professional or your bank's fraud team can help you assess.

6

Keep records of everything

Save all the fraudulent emails, invoices, and any correspondence. Screenshot anything before deleting it. These records may be needed by your bank for the recall process, by the fraud reporting authority, and by your accountant if the loss affects your tax records.

If the amount is significant, consider taking legal advice — in some jurisdictions there may be civil options for pursuing recovery in addition to the criminal reporting process.

This article is general guidance. If you have lost a significant amount of money to fraud, consider taking independent legal or financial advice specific to your situation and jurisdiction.

Act fast, report everything, then fix the gap.

The first call to your bank is the most important step. Everything after that is about containing the damage and making sure it doesn't happen again.