Fake invoice and payment redirection scams
Fake-invoice and payment-redirection scams send realistic invoices or 'change of bank details' to get you to pay the wrong account.
Quick answer: Always verify invoices and any 'updated bank details' through a known contact before paying.
How fake invoice and payment redirection scams work
You receive a realistic invoice, e-signature request, or 'your card failed' notice prompting payment or login.
Either you pay a fraudulent invoice, or you 'call support' and are walked into card details or remote access.
Verify charges and bank-detail changes through official accounts and known contacts, not the email.
Common opening lines
- “Invoice attached - you were charged; call to dispute.”
- “Your subscription auto-renewed - click to cancel or get a refund.”
- “A document is ready to sign - log in to view.”
Example patterns
Sanitised examples - placeholders only, never real links or data.
Example only: PayPal invoice: you were charged. To dispute, call the number or click here: [fake-link removed]
Example only: Your subscription auto-renewed for a large amount - call us or click here to cancel: [fake-link removed]
What the scammer wants
- Payment of a fraudulent invoice
- Card details via a fake 'refund'
- Login or remote access
Where it spreads
Platforms: Email
Brands impersonated: PayPal
Watch especially in: United States, United Kingdom
Red flags
- payment request
- brand impersonation
- suspicious link
- fake authority
What to do now
- Stop paying and keep the deal/communication on official channels.
- If money moved, contact your bank or payment provider immediately.
- Save evidence and report to your national cybercrime authority.
What not to do
- Don't pay a fee to receive money, a refund, a prize, or to 'release' funds.
- Don't pay via gift cards, wire, or crypto to someone you haven't verified.
- Don't trust payment screenshots as proof of payment.
If you already responded
If you went further: if you clicked, don't enter anything and change any details you typed; if you entered card details, freeze the card with your bank; if you shared an OTP, change the password and enable app-based 2FA; if you paid, contact your bank or provider immediately; if you installed an app or gave remote access, disconnect, uninstall, and change passwords from a clean device.
How to verify safely
Check charges by logging into the service directly; verify any invoice or bank-detail change with a known contact before paying.
How to report
Report through official channels you find yourself - never a number or link from the message. Tell your bank or payment provider if money moved, and file with your national fraud or cybercrime body. Find the right links in the reporting directory. Open the reporting directory.
Watch for 'recovery' offers afterwards: anyone promising to get your money back for an upfront fee is running a second scam.
Related scam messages you can check
- PayPal invoice email Suspicious
- PayPal invoice scam Likely scam
- deepfake CEO wire transfer message Likely scam
- fake DocuSign document message Likely scam
- SharePoint file share phishing Likely scam
- OneDrive document phishing Likely scam
- subscription renewal scam email Likely scam
Related platforms
Related brand impersonation
Report in your country
Related red flags
Emergency guides
Related terms
Sources checked
- FBI IC3 - Senior US officials impersonated in malicious messaging campaign (2025)
- FTC Consumer Advice - Imposter scams
Frequently asked questions
Is this invoice real?
Open the service directly and check your account. Don't call numbers or click links in an unexpected invoice email.
Last reviewed: 2026-06-05
This is general safety information, not legal, financial, or cybersecurity incident-response advice. We can't detect every scam or guarantee recovery - always verify through official channels.