Fake Invoice Scams Target Small Business Bill Payments

Small business owners face a growing threat from criminals who exploit their commitment to paying bills on time. According to the Federal Trade Commission, scammers are sending fake invoices to businesses for products or services they never ordered, hoping busy staff members will simply pay without checking.

How the Scam Works

The fraud typically begins when a business receives an unexpected invoice in the mail. These fake bills charge for services like tech support, domain registration, or search engine optimization that the company never requested. The invoices often appear legitimate and may claim to be from well-known companies like Geek Squad, or from unfamiliar businesses altogether.

To create urgency and pressure recipients into paying quickly, many of these fraudulent invoices arrive marked as "past due." This tactic plays on business owners' natural concern about maintaining good vendor relationships and credit standing.

Some criminals also use email to distribute fake invoices, but these messages serve a dual purpose. Beyond seeking payment, they function as phishing attempts designed to steal business data and gain access to company networks when recipients click malicious links or download infected attachments.

Protecting Your Business

The FTC recommends several steps to protect your business from invoice fraud. First, establish clear procedures for staff to verify all invoices before payment. Make sure your approval process requires confirmation that your company actually ordered the goods or services being billed.

When you receive an invoice from an unfamiliar company, research the sender before paying. Search online for the company name combined with terms like "review," "scam," or "complaint" to see what other businesses have experienced.

Train all staff members who handle invoices to examine bills carefully. Even in busy periods, taking time to verify charges can prevent significant financial losses and protect your business data from compromise.

What to Do If You're Targeted

If you receive suspicious invoices by email, forward them to the Anti-Phishing Working Group at reportphishing@apwg.org. This helps security experts track criminal campaigns and protect other businesses.

Report all fake invoices and related scams to the FTC at ReportFraud.ftc.gov. Your report contributes to investigations and helps authorities understand the scope of these crimes.

Small businesses already juggle numerous responsibilities, but taking time to verify invoices protects both your finances and your data. When in doubt, contact the supposed sender directly using contact information you find independently, not the details provided on the suspicious invoice.