Business cyber safety guide

Fake Invoice Scams Targeting Small Business in Australia

Fake invoice scams often work because they look normal, arrive at busy times and use urgency to push payment before checking.

Quick answer: stop and verify using a trusted contact method before you pay, approve, reply or ignore warning signs.

Your IT & Tech Mates fake invoice scam guide for Australian small businesses checking urgent invoice emails and changed bank details before payment.
Your IT & Tech Mates fake invoice scam guide for Australian small businesses checking urgent invoice emails and changed bank details before payment.

Fast decision

PauseDo not rush payment or approval.
VerifyUse a known contact method.
RecordKeep a short evidence note.
EscalateAsk for help if risk remains.

What this means for a small business

Fake invoice scams often work because they look normal, arrive at busy times and use urgency to push payment before checking.

Most business cyber problems become expensive when a normal-looking request is handled too quickly. A safer process gives staff permission to pause, check the source, and ask for help before money, access or sensitive information is exposed.

This guide uses fake examples only. It is designed to help you prepare a safer next step, not to collect private records or replace professional investigation.

Warning signs to check

  • Invoice arrives with urgent payment pressure.
  • Bank details changed without a trusted phone confirmation.
  • The email address is close to the real one but not exactly the same.
  • The invoice asks you to bypass normal approval.

What to do now

  • Pause payment and verify with the supplier using known contact details.
  • Check if the same invoice was expected, already paid or duplicated.
  • Keep suspicious emails and invoice copies for review.
  • Call the bank immediately if payment was already sent to a wrong account.
Safe next stepUse the related free tool to turn the warning signs into a plain-English action note for your business.

What not to do

  • Do not forward the invoice to staff with only “please pay this”.
  • Do not trust a reply from the same suspicious email chain.
  • Do not change stored supplier details without verification.
Money already sent?Contact your bank immediately. Then save the email, invoice, payment and verification details for review.

Related Business Cyber Safety links

FAQ

Is this a formal cyber audit?

No. This is a practical self-check guide, not a formal audit, investigation, certification or guarantee.

Should I share passwords or login codes?

No. Do not share passwords, login codes, banking passwords, card numbers or private customer records through this guide.

What if money has already been sent?

Contact your bank immediately. Then collect the invoice, email details and verification notes for review.

Updated