How to Recognize & Beat: Billing & Invoicing Scams

1. What Are Billing and Invoice Scams?
2. Red Flags of Invoice and Bill Scams
3. Most Common Types of Billing & Invoice Scams
4. How to Beat Billing & Invoice Scams
5. Fallen Victim to a Billing & Invoice Scam?

Billing and invoice scams can be particularly tricky to deal with, as they involve one of the most common and important transactions we’re likely to make. Still, there are ways to try to detect these deceptions and a few options to pursue if you think you’re the victim of fake invoices or bill scams.

What Are Billing and Invoice Scams?

“Billing and invoice scams” is a catchall term for a broad category of scams. But essentially, these plots will all target the billing process, attempting to extract money or sensitive information out of businesses or individuals who don’t actually owe anything.

If you run a business, you might receive a message with an invoice attached, supposedly sent for anything from a website domain name extension to advertising services. If you’re an individual, you may encounter a billing scam from the other side, getting a fake invoice from what appears to be a trusted company, supposedly to cover the cost of delivery, order, or even local tax or fee. Any funds sent, however, will go straight to a scammer.

Billing scams are also popular on online marketplaces like Craigslist or eBay, where scammers use fake invoices to “prove” they paid for a product when that’s not the case.

And some scammers are after more than money, using fake invoice attachments as ways to download malware onto your device and steal personal information that may help them steal your identity.

Unfortunately, as options for virtual payments have expanded—including through websites like PayPal and apps like Venmo—so have the number and type of billing and invoice scams. Even small local businesses are no longer immune to the deception.

Source: Best Accounting Software

A 2020 report found that companies lose an average of 5% of revenue each year on billing scams, totaling a staggering $4.5 trillion in losses worldwide, while a 2019 investigation reported that nearly 81% of organizations will be targeted by such deceptions.

Red Flags of Invoice and Bill Scams

Invoice and billing scams can take many different forms, but there are still a few common red flags you can look out for that may tip you off to a problem, including:

• Invoices with rounded amounts, e.g. $1,500 vs. $1,439.27.
• Bills for work that was not ordered or performed.
• Abnormal volume of invoices from a particular vendor.
• Invoices for vague or intangible services.
• Typos or grammatical errors.
• Mathematical errors.
• Missing details, such as taxes or fees, or mismatching details, such as account numbers.
• Vendors with mail drops as their official address.
• Invoices for amounts that are just below a sanctioned approval amount for a service.
  • More likely the case when the scammer works for the company. 

If you’re an individual receiving a bill or invoice from what appears to be a trusted company or financial institution, make sure to also look out for:

• Email addresses. Do they match the company’s official domain?
• Never click on them—instead type the company’s website directly into a new browser.
• Brand details, including specific logos, fonts, and colors. Do they match the company’s?

Most Common Types of Billing & Invoice Scams

Since nearly every industry involves billing and invoicing, and nearly every industry today can and does handle those tasks online, there are several ways these scams can manifest.

Billing scams and fake invoices can come from outside or within a company. They can also target businesses or individuals. And, as with all deceptions, scammers are constantly tweaking the formula in hopes of finding new victims.

Fake Invoice Phishing Scams

Fake invoice phishing scams combine the fake bill scheme with a phishing plot, that helps a scammer extract sensitive information which may allow them to steal your identity.

With these deceptions, scammers often send the “invoice” as an email attachment. Once clicked on, the attachment will download malware onto your device, which can give scammers access to your machines.

Duplicate or Fake Invoices

A common deception that can come from inside or outside a company, duplicate, and fake invoices are some of the most common versions of this scam.

With duplicate invoices, scammers bill a company twice for the same task, hoping either that no one will notice or attempting to explain away the situation or convince a company the first funds didn’t go through.

Fake invoices are exactly as they sound—bills that are completely made up, for work that was never ordered or performed. Once again, scammers bank on a company not bothering to follow up on whether the claim is legitimate.

Shell Companies

More often than not, these types of bill scams come from within a company.

Typically, these deceptions work when a company is billed with a fake invoice. The bills come from a fake company the scammer has created, and the funds they receive are transferred into accounts held by these shell companies.

Non-Delivery for Product or Services

More like a simple hit and run.

These scams happen when a company is billed by a vendor for a product or service, then, instead of delivering that product or service, the scammer instead runs off with the money, never to return.

Online Marketplace Bill Scams

On the flip side of the non-delivery fake invoice scam is the online marketplace bill scam.

This can happen when you’re selling something on common websites like Craigslist, Facebook Marketplace, or eBay. A scammer will “purchase” your product, and send you a fake invoice as proof of their payment. Of course, the bill will be a photoshopped fake, but you’ll unfortunately not figure that out until you’ve already shipped out the item.

Vendor Impersonation

A step up from the fake invoice scam, these deceptions involve scammers impersonating actual vendors a company may work with.

Depending on the scammer’s amount of inside knowledge, they may even submit bills for work a real company has actually done for their client, making the scam that much harder to detect.

CEO Fraud

A different type of impersonation, this plot involves scammers presenting themselves as a company’s chief, and ordering “emergency” or urgent payments for certain services.

The fraud emails will direct their recipients to send money to a scam account.

How to Beat Billing & Invoice Scams

Billing and invoice scams are especially insidious, as they can just as often come from within a company as from outside of it. To that end, when it comes to beating these types of scams, knowledge is power, and a little preparation can go a long way.

When working for a company, you can look out for invoice scams by:

• Verifying the existence of any unfamiliar vendor (company or individual) before paying them.
• Checking incoming invoices against work orders.
• Researching any potential vendors through the Better Business Bureau or similar databases.
• Conducting unscheduled audits.
• Flagging potentially suspicious invoices.

And if you’re an individual receiving an invoice through email, make sure to:

• Double-check the invoice is actually for something you ordered.
• Check the email address—does it match the company’s domain?
• Double-check all other details: Account numbers, credit card numbers, etc, to see if they match.
• Never provide any personal information, including PINs and passwords, bank account and credit card numbers, or personal details.
• Never open any attachments from someone you don’t know.
• Never click on any links in emails or texts. Instead, type a company’s website directly into a new browser.

Fallen Victim to a Billing & Invoice Scam?

If you think you’re the victim of a billing and invoice scam, there are still a few things you can do.

If you work for a company you believe is being scammed, you can:

• File a report with the Federal Trade Commission.
• Hire a lawyer or use the company’s lawyers to investigate further.
• Report any phishing emails to [email protected].

If you’re an individual, and you think you got scammed, you should:

• Contact your bank and credit card companies to cancel the payment, if possible.
• Block, flag, or report the scammer through the website or app you were using, if applicable.
• Follow up with the website or app’s customer service team, if applicable.
• File a report with the Federal Trade Commission (FTC).
• Contact the local authorities.

If you think you were the victim of an invoice phishing scam, there are a few other precautions you should take, including:

• Freeze any accounts connected to the website in question.
• Contact your bank and credit card companies about the incident.
• Cancel your current credit and debit cards and open new ones.
• Change your passwords and PIN numbers.
• Report the incident to:
  • The Federal Trade Commission (FTC).
  • The Department of Justice’s National Center for Disaster Fraud.
  • The Internet Crime Complaint Center (IC3).
• Possibly create an IRS Identity Protection PIN.