Learn / Keeping your invoicing account secure
Security

Keeping your invoicing account secure

A compromised invoicing account can be used to defraud the people who trust you. Here is how to make that much harder.

When you send invoices, you become a target from two directions: scammers who want to intercept your payments, and fraudsters who may impersonate your business to trick your clients. A few practical habits protect both your account and your reputation.

1

Use a strong, unique password for your invoicing account

Your invoicing account contains your client list, payment history, and business financials. A weak or reused password is the most common way accounts get compromised.

Use a password that is at least 14 characters and not used anywhere else. A password manager (1Password, Bitwarden, or similar) makes this easy — you only need to remember one master password and the manager handles everything else.

Never share your password by email, in a chat, or with anyone who contacts you asking for it. No legitimate service will ever ask for your password.
2

Enable two-factor authentication (2FA)

Two-factor authentication means a stolen password alone isn't enough to access your account — the attacker also needs the second factor, which only you have. Enable it on your invoicing account, your business email, and any other account that handles financial data.

An authenticator app (Google Authenticator, Authy, or your password manager's built-in TOTP) is more secure than SMS codes, which can be intercepted via SIM-swapping attacks.

In Invoicetastic, you can enable 2FA in Settings. Once set up, you'll need your authenticator app every time you sign in from a new device.
3

Secure your business email account

Your email account is the master key to everything — including password resets. If a scammer gets into your email, they can request password resets for every account linked to it.

  • Enable 2FA on your email account — this is the most important single step you can take
  • Use a strong unique password separate from every other account
  • Check your email account's login activity periodically for unfamiliar devices or locations
  • Be cautious about clicking links in emails even from known senders — their account may have been compromised
4

Warn clients before changing payment details

If you ever need to change your bank account or payment details, tell your clients proactively and through a channel they already trust — ideally a phone call or a message from an email address they know. Follow up in writing.

A scammer impersonating you would send an email asking clients to update payment details. If your clients know you'll always confirm changes by phone, they're much harder to fool.

5

Keep your invoice records accurate and sequential

Sequential invoice numbering isn't just good practice for your own records — it also protects your clients. If a client receives an invoice numbered INV-0089 when they've only ever seen your invoices go up to INV-0051, they have a concrete reason to query it before paying.

Consistent formatting, your correct business name, and your real contact details on every invoice make it harder to forge a convincing fake in your name.

6

Be cautious with what you share publicly

Fraudsters who want to impersonate your business often gather information first — your logo, your trading name, your clients, your email format. The more of this that's publicly available, the easier it is to build a convincing fake.

This doesn't mean hiding your business — just being thoughtful. Don't post invoice templates publicly. Be careful about listing client names on your website if those relationships could be exploited.

Your account security protects your clients too.

A compromised invoicing account doesn't just affect you — it can be used to defraud the people who trust you. Strong passwords, 2FA, and a secure email account are the foundation.