Featured

01 September 2025

Policy Watch: New rules on wages, contracts and vehicles explained

Rosina Robson, Chief Executive of the British Pest Control Association (BPCA), outlines key policy changes on the horizon that could affect pest management companies and technicians. More

<< back

Latest UK pest control and management news for professionals

11 September 2025

What is invoice fraud, and how does it affect traders?

PPC120 | BUSINESS

Invoice fraud is a threat to everyone. It occurs when criminals target a legitimate payment by a customer to a business and redirect that money to another bank account.

PPC asked our friends at Which? Trusted Trader for some advice on how pest management companies can avoid being stung by invoice scams.

invoice fraud hero

Invoice fraud is a threat to everyone. It occurs when criminals target a legitimate payment by a customer to a business and redirect that money to another bank account.

Scammers may target you directly by impersonating a supplier or subcontractor that you are expecting to pay
Or, they may contact your customers, pretending to be you, claiming that your bank details have changed to trick them into paying the wrong account.

The scam will only come to light when it’s too late - either because your real supplier is chasing you for payment, or your customer is insisting that they’ve already paid you.

Invoice fraud is categorised as an ‘authorised push payment’ or APP scam. It’s called that because victims are tricked into making the transfers themselves.

UK Finance, a trade association for the banking industry, says that invoice fraud losses hit £50.3m in 2023, up 2% year-on-year.

Invoice fraud: the tactics

Scammers typically hack into your email account to intercept messages with customers and suppliers. This isn’t as difficult as you might think – your password may have been leaked online, for example, or they may have used phishing tactics to steal your login details.

Once they’re in, they can search for messages about invoices you regularly send or receive, making note of the way you write and any other details that could help them impersonate you.

Armed with this information, they can then send fake invoices to your customers or suppliers – either by doctoring an existing invoice, or creating a new one – using their own bank details.

Even without access to your emails, fraudsters may simply imitate your business name by falsifying the ‘sender name’ of an email, as you can see below. The real sender is shown in here, and has nothing to do with Tesco Bank.

invoice fraud c1

What to tell a customer about invoice fraud

“Criminals may send you fake invoices, posing as a legitimate business, to trick you into sending them money. You are more likely to become a victim of this kind of fraud when you are expecting an invoice or payment request from a trader.

If you’re paying a business for the first time, or you’ve received a payment request to a different bank account, confirm that it is genuine before sending any money.

To help protect you, I will include my bank details and a confirmed contact number on every written quotation. If you accept my services and receive a request to pay a different bank account, please call us – using the number on the original quotation – to confirm we sent it”

Remember:

Criminals can impersonate a legitimate business and convince customers to pay into a fraudulent bank account
Always verify change of details with a trusted source
Where has the invoice come from? Check the email address and contact details.

Fraudsters may simply imitate your business name by falsifying the ‘sender name’ of an email.

How to protect your business

As a business, you may also be targeted. Criminals can create flashy websites and official-looking emails to impersonate suppliers in an attempt to defraud you.

Spot the following signs:

An unusual or unexpected financial request
Poor spelling and grammar or unusual language – it could be translated
No sign-off
Check for the spelling of the company name on the invoice for subtle differences and check the email address carefully (for example .org instead of .com).
Be wary of links and attachments in emails and keep your guard up, especially if you receive an email you are not expecting. Train any staff to look out for invoice scams.
Ensure your online accounts are protected
Secure your online accounts to keep fraudsters out.

Here are a few top tips:

Keep your computer up to date – you will be better protected if you keep the operating system (such as Windows or Mac) updated. You should receive notifications when you need to update the system
Use the latest version of your internet browser (such as Edge, Chrome and Firefox) – this will help to provide better protection from scams, viruses and other possible threats
Use security software (for example, anti-virus, antispyware and firewall) to protect your computer. Some computers already have security software installed, or you can check getsafeonline.org for advice on reputable providers
Use a different, strong password for every online account in case one gets hacked
You can use a password manager to help you store your passwords securely – this means you’ll only have to remember one strong master password
Enable multi-factor (or two-factor) authentication on your email account. This makes it much harder for someone to hack your account.

What to do if you think you have been scammed

Contact your bank immediately and report the incident to Action Fraud, or to Police Scotland if you live in Scotland. Secure any online accounts by changing your passwords, and review them for any suspicious activity.

You should also inform all customers and suppliers who may have received fraudulent invoices, so they can take appropriate precautions.

Individuals, micro-enterprises (fewer than 10 employees and turnover under £2 million) and small charities (annual income under £1 million) are now covered by new mandatory rules on reimbursement for authorised push payment (APP) fraud.

From 7 October 2024, firms using Faster Payments or CHAPS must refund victims in most cases.

The cost is split between the bank sending and the bank receiving the money.

UK Finance says that invoice fraud losses hit £50.3m in 2023, up 2% year-on-year.

Banks must reimburse you within five working days, up to a cap of £85,000. They may apply an excess of up to £100, but this does not apply if you are classed as vulnerable. Refunds can be refused if there is clear evidence of gross negligence or fraud on your part.

If your payment was made before 7 October 2024, some banks still follow the voluntary Contingent Reimbursement Model (CRM) Code, and Which? has a template letter to help with these older cases.

Whatever the date, you should make a formal complaint to your bank explaining what happened and that you are a victim of APP fraud.Payment service providers must reply within 15 business days.

If they do not respond in time, or you disagree with their final decision, you can escalate your case to the Financial Ombudsman Service.

STAY SAFE
Sign up for Which? Scam Alerts.
which.co.uk/scam-alerts

Interested in joining Which? Trusted Trader?
BPCA members get special rates with Which? Take a look at the benefits and offers at bpca.org.uk/which

Back to news