See if your information has been exposed in a data breach with our latest free tool Check Now

Invoice Fraud Statistics: Don’t Be the Next Victim!

Niek has worked at Eftsure for several years and has developed a clear understanding of the cyber threat landscape and the controls Australian businesses put in place to combat these threats.

Have you ever paid an invoice that turned out to be fraudulent? It’s more common than you think, with Xero stating that nearly 1 in 5 Australian small businesses become victims of invoice fraud, costing $15,500 on average.

As scary as that may sound, there are ways to protect yourself from falling victim to these criminals — but only if you know what to look out for! Take a look at these invoice fraud statistics and use them to ensure your company never has to pay another fraudulent invoice again!

Author’s Top Picks

  • 3 in 10 (29%) respondents didn’t know how to spot a fraudulent invoice or were unsure if they would know how.
  • Shark Tank entrepreneur stated that she’d lost nearly $400,00 to an invoice scam and confirmed that she wouldn’t be able to recover the funds.
  • Amazon fell victim to invoice fraud paying over $19 million for items that were never purchased.
  • According to a 2012 KPMG poll, 64% of organisations still rely primarily on manual control testing to detect control violations such as duplicate invoice payments.

Invoice fraud statistics

1. Australian businesses lost $277 million to payment redirection scams in 2021, a 77% increase compared to 2020.

The ACCC demonstrates how dangerous payment redirection scams have gotten over the past year. In 2021, Australians accumulated $227 million in payment redirection scams which is a 77% increase compared to 2020. The report shows that this form was the most financially damaging for businesses.

2. 3 in 10 (29%) respondents didn’t know how to spot a fraudulent invoice or were unsure if they would know how.

Fraudulent invoices are frequent in the Accounts Payable department. Verifying an invoice or email may not be time effective. An easy way to identify a fraudulent invoice is by double-checking information like email addresses, invoice numbers, payee details, and bank account information. When you follow a verification process and employ a callback control system, you are less likely to take the risk.

3. Fraudulent invoices caused the highest losses across all scam types in 2019, costing businesses $132 million, according to the ACCC's Targeting Scams report.

Business Email Compromise (BEC) is a common method by scammers to send fraudulent invoices, resulting in the highest losses of all scam types in 2019. The scammer sends emails to the business’ clients asking them to make payments to a fraudulent account.

4. 1 in 5 (22%) respondents know of another small business that has encountered cyber criminals sharing fraudulent invoices, with 1 in 10 (11%) saying their peers were targeted within the past year.

Invoice fraud is becoming more frequent among Australian businesses. The Xero survey highlights small businesses are the most targeted in invoice fraud. This data can be concerning for CFOs or AP teams that don’t prioritise their security around invoice verification.

5. In a survey of nearly 2,000 small businesses and 62% of them had been hit by some level of a cybersecurity breach. Invoice interception is one of the most common forms.

The Small Business Ombudsman, Kate Carnell, cites the dangers to small businesses of having their invoices intercepted by scams. Scammers are evolving their attacks. Not only is the perpetrator draining the organisation’s bank accounts, but they are erasing their tracks and becoming harder to track, making the attack more difficult to spot.

6. During the third quarter of 2020, BEC attacks received per company each week rose by 15% from the second quarter. Among these attacks, employed invoice or payment fraud jumped by 155%.

Cybercriminals are increasing their attacks on Australian SMEs every year. Business owners and CFOs must prioritise their cyber security controls to minimise the risk of a BEC attack. During the pandemic, invoice and payment fraud campaigns soared. Scammers were quick to realise that some SMEs did not prioritise their cybersecurity controls on remote devices.

7. Shark Tank entrepreneur stated that she’d lost nearly $400,00 to an invoice scam and confirmed that she wouldn’t be able to recover the funds.

Shark Tank Star Barbara Corcoran lost $388,700 as a result of invoice fraud. Fraudsters took advantage by impersonating Barbara’s assistant. The fake email was then approved by the bookkeeper which enabled the scam. Be sure to review any new payment details or amended invoice payment methods before settling any debts.

8. In 2022 Australians have lost $10,860,525 in false billing thus far. The email was the most recurring delivery method used.

Reports by Scamwatch found that NSW is the most targeted in false billing scams. Email is the most common delivery method of scamming finance teams. Despite these numbers coming from complaints reported to the ACCC, you can expect that there are significantly more scams that aren’t reported.

9. Amazon fell victim to invoice fraud paying over $19 million for items that were never purchased.

When it comes to cybercrime, all businesses can be at risk. In this case, Amazon was a victim of invoice fraud. The company had been defrauded of $19 million for items that were never purchased. The attack was initiated by four brothers that had manipulated data to make illegitimate payments.

10. The Lloyds Bank Survey suggests that only 20% of the companies reviewed their invoices & 37% do not have a process to prevent invoice fraud.

Secure invoicing is a process that must be prioritised around all financial individuals involving CFOs, finance managers, & accounts payable departments. Best practices in securing invoices are, verifying the company name on every invoice, checking the payable address, and comparing receipt of goods and purchase orders.

The cost of invoice fraud

11. According to Scamwatch, Australians lost $2,023,376 in January 2022.

In 2021, Scamwatch continued to see record levels of scam activity in Australia. Aside from business disruption, cybersecurity breaches can result in things like data loss and reputational damages, which can lead to devastating effects on your personal life.

12. The most targeted age group of invoice fraud was from 45 to 54. 1,146 reports state that the total loss was $3,554,023.

Invoice fraud statistics highlight the occurrences among men & women aged 45 to 54. Scammers are familiar with the financial advantages that this age group has compared to a younger demographic.

13. The United States Department of Justice reveal charges against 243 individuals for approximately $712 million in false billing scams.

As part of the $712 million Medicare fraud scheme, 243 individuals involving 46 doctors, nurses, and other licensed medical professionals have been charged. The Department of Justice states “this action represents the largest criminal health care fraud takedown in the history of the Department of Justice”.

14. Fake invoice payments have cost UK businesses 81 million euros and Irish businesses 6 million euros in 2021.

Businesses are faced with paying several invoices every month to maintain strong supplier relationships. A fake invoice scam could arise when the business is under a lot of pressure. AP departments who cut corners around the verification process could pose a huge risk to the organisation.

15. Larger smaller businesses lost the most with a false billing cost of $23,370 on average compared to micro-businesses.

In light of such glaring data, there has been a greater push toward the adoption of e-invoicing among businesses as a way to counteract invoice fraud & duplicate payments. E-invoicing allows companies to streamline their invoice processing cycles, improve efficiency in approving & tracking as well as faster payment schedules.

16. The Identity Theft Resource Center (ITRC) has seen an increase in a handful of BEC scams, including business invoice phishing emails.

Business invoice phishing emails are continuing to rise each year. The ITRC reports that organisations can expect to see more weekly emails where a business executive’s email is spoofed to steal sensitive data.

Duplicate invoice statistics

17. The Australian Competition and Consumer Commission (ACCC) reports that duplicate invoices cost Australian businesses more than $7.2 million in 2018, a 53% increase compared to 2017.

Duplicate invoices occur when a supplier or group submits duplicate or inflated invoices to defraud the company of money. Scammers utilise this tactic to target companies that have poor administration practices.

18. Studies have shown nearly two-thirds of UK finance professionals have received duplicate invoices. Approximately 1% of all invoices are paid more than once.

Without automation or a better-managed process, you may be paying an invoice twice. Other than coordinated attacks, an intentional error is a significant factor when it comes to duplicate payments. One common method is when finance team members alter the invoice number by adding additional characters.

19. Research shows that on average, approximately 0.1% to 0.05% of invoices are typically duplicated payments.

One reason for duplicate payments is redundant entries of vendors in enterprise resource planning (ERP) systems. Some accounting teams don’t spend much time inputting the vendor list and information. When the vendor list isn’t monitored and maintained correctly, there will likely be more than one data entry.

20. According to a 2012 KPMG poll, 64% of organisations still rely primarily on manual control testing to detect control violations such as duplicate invoice payments.

A few steps that CFOs can do to reduce duplicate payments are reviewing the vendor master files on an ongoing basis, limiting manual check requests, establishing a standard policy for invoice numbering and adopting a vendor payment policy.

21. 25% of AP professionals say that duplicate invoices or payments are pain points of AP operations, following The Digital Shift report.

Digital Shift suggests that artificial intelligence (AI) powered systems can help reduce duplicate payments through invoice detection. According to David Disque, the CSI President, “the most prevalent errors result from human error due to manual procedures”.

22. Data from APQC’s Open Standards Benchmarking Accounts Payable survey shows on average, that nearly 0.8% of their annual disbursements are duplicate or erroneous.

Even if these numbers might seem small, one wrong or duplicate disbursement could total up to tens of thousands of dollars and seriously affect your finances.

Internal invoice fraud statistics

23. Accountant Stephen Jones sneakily defrauded his employer CPCCommodities of more than $765,000 over 5 years.

A company’s external and internal threats must be considered when assessing its risk profile. However, most insider threats go undetected. In this case, Stephen Jones transferred the money to his account from an invoice he created. Being part of the company allows an employee to engage in internal fraud easily when they have access to company data.

24. One employee and his wife stole $3 million from Toys R Us and Tumi Luggage.

Philip Charles, a 64-year-old resident of New Jersey, created several shell companies to embezzle Toys R Us and Tumi Luggage of a combined $3 million. This is just one incident of an extensive operation that resulted in the company’s extensive losses.

25. 4.6M euros were stolen by a former senior IT executive via self-signed invoices.

Usually, the most complex, inventive and creative insider threats are difficult to detect. These all have a common objective, to defraud or sabotage the company’s finances. Defending against this crime involves reviewing permissions and authorisations on invoices, rotating duties, and providing employees with cybersecurity training that can help them spot malicious behaviour.

26. A ConocoPhillips employee created fraudulent invoices to trick the oil company into paying more than $3 million.

According to Conoco, the employee embezzled nearly $7.3 million, but the criminal charges so far only allege they stole about $3.1 million. The employee had set up a supply business together with another individual orchestrating fraudulent payments.


There is no playbook that scammers use when it comes to creating a fraudulent invoice. Scammers are coming up with innovative ways to deceive your accounts payable teams. Follow these tips on identifying a fake invoice:

– Any information on the invoice that may seem unusual like spelling mistakes or special characters
– The account numbers look different across the whole invoice e.g. different fonts or sizes
– The company logo looks altered or replaced
– The email address is not the same as listed on the invoice compared to your emailing database
– Purchase order numbers are different to what you have in your company records
– Order details have been altered either with vague terms or for larger items that were not agreed upon

Scamwatch reports that the most common form of delivery is email, but phone, text message, internet, mail, social networking, and other forms are also options. After gaining access to your email, the scammer can impersonate an employee, collect sensitive information, or steal your identity.

If you’re worried about how your business can reduce risk, make sure to check any invoice information that you’re suspicious of, follow up on any alterations in billing information, and limit the number of people who can make payments.

Often, the company which pays the invoice for the goods or services to the fraudulent account is responsible for the loss because they failed to pay the invoice in the first place. Yet, each case varies. Tracking the origin of a scam can lead investigators to identify the person responsible.

Subscribe to our blog

Subscribe to the eftsure blog to receive updates when we post.

The new security standard for business payments

Eftsure provides continuous control monitoring to protect your eft payments. Our multi-factor verification approach protects your organisation from financial loss due to cybercrime, fraud and error.