Skip to main content

7 Ways to Prevent Invoice and Email Fraud: A Comprehensive Guide

A Comprehensive Guide to Preventing B2B Payments Fraud

The FBI reported that Business Email Compromise (BEC) and invoice fraud has cost U.S. businesses more than $2 billion between 2014 and 2019 through BEC scams. These events have been reported in all 50 states and in 177 countries.

If businesses and corporate finance professionals do not find a way to mitigate the risk of email and invoice fraud quickly, we could see twelve-figure losses in the not too distant future. That’s why we’ve created a comprehensive guide to help you reduce the risk of invoice and email fraud in 2021 and beyond.

First, we’ll take a look at the primary reasons why invoice and email fraud are on the rise, and then we’ll outline seven ways to avoid it. Like all things, protection starts by understanding the root cause. 

stack of invoices with paid stamped on the top


What Causes Invoice and B2B Payment Fraud

In simple terms, massive breakthroughs in information technology and computer science (aka the internet of things) catapulted B2B payments and invoice management out of the dark ages almost a decade ago. Technology and payments have continued to evolve, but some businesses have remained stagnant, favoring old paper-based manual processes and half measures over more secure and efficient cloud solutions.

Fraudsters and scam artists took notice. While both large and small companies turned a blind eye to advancements in B2B payment methods, IT infrastructure, payment automation solutions, invoice automation, and increased security, fraudsters poured all of their energy into taking advantage of the apparent apathy in business finance. 

BEC and invoice fraud have become so complex that many fraudsters have automated their processes to streamline attacks and significantly increase the chance of a successful attempt. Today, teams of fraudsters conduct extensive research on which companies still rely on outdated invoice approval processes and build their BEC strategy around specific weaknesses.

Some methods have become so effective that many fraudsters consider BEC and email fraud to be a successful business. When you look at the data, it’s hard to argue with them. The fraud business is booming. So much so that that we have seen the emergence of a brand-new genre of music, scam rap. Despite the illegal nature of the topic, it has a surprisingly large following.

Perhaps the most staggering statistic is the number of corporate leaders who believe that fraud is on the rise but admit to having no plans to combat the attacks. Over 75% of business professionals surveyed in 2019 expressed growing concern over the drastic increase in invoice and email fraud over the last few years. But few individuals surveyed said they were planning on adding more resources to mitigate risk or implementing processes that auto-detect fraud like payment and invoice automation. 

Einstein quote on how insanity is doing the same thing over and over again and expecteing different results

It’s tough to believe that after years of technological advancements in B2B payments (invoice, AP & AR), invoice and email fraud are still gaining ground. But then again, 72% of businesses still receive invoices via snail mail, and paper checks still account for 42% of B2B payments. The good news is, things are changing. The rise of faster and more secure payment methods is expediting the adoption of technological advancements in B2B payments and invoice automation. And it’s undeniable that the impending surge of invoice and email fraud is a driving force behind the increased rate of adoption.

One of the primary factors contributing to the increase in fraudulent activity is the ease of infiltration from professional fraudsters and the lack of security in even the most advanced finance departments across the globe. It’s not just small and medium-sized businesses at risk, either. 

Per the Association of Finance Professionals (AFP), 74% of organizations were targets of payment scams in 2020. While this percentage is smaller than what was reported in the two previous years—it indicates that a large percentage of companies continue to be impacted by payments fraud.

businessmans hands working on electronic invoice on laptop

One reason for the shift in strategy is fraudsters have caught on to the secret that awareness does not necessarily mean increased protection. More than three-quarters of businesses surveyed claimed to have implemented stronger internal controls to protect against fraud in 2018 to no avail, with 43% of companies suffering financial loss from payments fraud. And that’s only the fraud they were able to catch.

In a recent survey, 27% of companies that encountered fraud in 2019-2020 found that their fraud-induced losses exceeded their anti-fraud expenditures. What’s even more alarming is that, on average, companies only recover 25% of what they lose.

To put it in perspective, in March 2019, a man from Lithuanian plead guilty to bilking over 123 million USD from Facebook and Google over the span of a few years. Not only is that an incredibly large sum of money, it’s also a long time for a fraudster to go unnoticed. It’s unknown exactly how much Google and Facebook were able to recover, but the average business would only recover $30 of the $123 million they lost. That’s enough to break some companies financially.

It’s past time for businesses to get serious about preventing severe damages incurred from invoice and email fraud.

At OnPay Solutions, we’re committed to bringing awareness to fraud and ensuring that as many companies are protected as possible. It’s one of the reasons we’re so passionate about automation. We’re not alone, either. Increased security and operational efficiency are two of the penultimate goals for FinTech as a whole. We know that technological advancements also breed a higher risk of exposure for slow adopters. It’s been that way for years. That’s why we’re here to help.


Here are seven things companies can start doing immediately to fight back against invoice and email fraud.


1) Employ 3- or 4-Way Matching

If you can match each invoice to a purchase order or a receipt of goods ordered, then you are far less likely to pay a fraudulent invoice. Most fraudsters aren’t going to go through the trouble of fabricating 3 or 4 documents. Our invoice matching solution utilizes a 4-way matching process with two separate OCR engines.

We use robotic processing to classify specific invoices by high volume generators and create templates to zone in on certain fields. We also use cognitive automation to isolate keywords and compare against previous invoices flagging any fraudulent activity. Finally, every invoice is reviewed by our internal team before migrating out to the workflow. 4-way matching is the only invoicing matching with a 100% accuracy rate.


hand holding piece of whie puzzle on blue background

2) Check On Suppliers

Fraudulent emails and invoices are typically issued under fake business names or use legitimate names with an address or bank account number that’s one or two numbers off. You’ll want to look up any new vendors to make sure they’re legitimate before issuing payments. A quick Google map search can help you confirm if the address and name are correct.

It’s also a good idea to check in with existing vendors when payment information changes. Alternatively, you can use invoice and payment automation software to flag new vendors and payment information automatically and alert you when something is off.


3) Track Invoice Activity

If you’re diligent about tracking invoice activity, you’ll notice when something changes or seems odd. For instance, if you usually receive 10 – 12 invoices a month from a particular vendor and that number doubles one month, you might want to check with the vendor to ensure they’re all correct.

A common type of invoice fraud is to send duplicate invoices or invoices that closely resemble regular orders. Fraudsters typically monitor email communications for months to years before launching an attack. Keeping a close eye on invoice activity or taking advantage of a system that does it for you is an excellent way to protect yourself.


Businessmans hands using laptop with email on the screen with fake written in red letters across

4) Watch Invoice Amounts

This may seem like a no-brainer, but you would be surprised at how many fraudsters are aware of their target company’s approval processes. For instance, your company may require additional review for invoices over $2,000 (example), so they’ll send you an invoice just under that amount.

Anything coming in that’s close to your threshold should get another look. Invoice automation makes it easy for you by tracking the total history of payments from each vendor and flagging any variations from the norm.


5) Utilize Multistage Authorization (Especially for Large Amounts)

Again, this probably seems like common sense, but studies show that many companies rely on the same individual to authorize everything. The more eyes you have checking an invoice and payment, the more likely you are to catch fraudulent activity before it’s too late.

With invoice automation, you can set up approval processes that trigger automatic alerts for certain payments or amounts. For instance, if the marketing department contracted an agency to run a commercial or a promotion, invoice automation software can alert the AP department and the marketing professional who ordered the service, so that both parties can approve the invoice in one place.


urgently, rapid for busy work, word imprtant concpets. Urgent busy works. Concept image

6) Don’t Be Pressured & Always Triple Check Information

We’ve all been there, first thing in the morning you receive an urgent email from a known supplier or maybe even your CEO. The subject line reads “URGENT ATTENTION REQUIRED,” and the body says, “Approve Immediately.” You recognize the signature, the email address, the order, everything. But it isn’t them. Fraudsters thrive on the high-speed nature of the corporate world.

Everything needs to be prioritized and executed quickly and efficiently. Except for manually approved payments and invoices. Always triple check urgent emails and invoices.


7) Achieve Maximum Protection Through Automation

Automation virtually eliminates BEC & email fraud and provides additional protection against other forms of fraud. Invoice automation can easily pick up on fraudulent invoices and cut your costs on invoice processing tremendously. Payment automation can drastically reduce the number of checks you’re issuing, converting those payments to more secure payment types like virtual cards and ACH.

Check fraud is the payment type targeted the most for attempted/actual fraud at 66%. Meanwhile, Virtual Cards have proven to be one of the most secure payment methods. Virtual Cards are generated with a one-time-use number meant for a specific amount that self-destructs after use. Virtual Cards are also revenue-generating. Read more about them here.




There you have it. Seven easy ways to prevent, reduce, mitigate, and in some cases, eliminate invoice and email fraud. We realize that this may not be the most uplifting article you’ve ever read. Difficult topics can be hard to talk about; we just hope it helps reduce successful fraud attacks in the future. According to the ACFE, it’s estimated that businesses lose 5% of their total revenue to fraud every year. To us, that’s unacceptable.

Chief Fraud Strategist, Frank McKenna, said it best,

“Sorry for the pretty somber outlook, but we believe the battle against fraud is only won by fighting off complacency. The minute we think we have fraud licked, we’re going to have big problems.”

The moral of the story is simple: the threat of B2B payments fraud is real, and it’s gaining traction. It’s imperative that every company, big or small, bands together to adopt new solutions created to streamline payments processes and protect against fraudulent activity like invoice and email fraud.

It’s critical to the success of businesses around the world to stem the rise of fraud and create a brighter future for the B2B payments landscape.

Originally published February 13, 2020. Updated August 2, 2021 for quality and content.