Is that unexpected invoice email a scam?
Fake invoice emails fall into two broad categories. Consumer-facing versions look like purchase receipts from Apple, Google, Amazon, or PayPal for orders you didn't place. The goal is to get you to call a number to 'dispute' the charge — which is the entry point for the Geek Squad-style phone scam — or click a link to log in and cancel, which is the entry point for credential theft.
Business-targeted versions are more sophisticated: Business Email Compromise (BEC) scams impersonate a supplier, a senior executive, or an IT department to request that a payment be made to a new bank account. BEC causes over $2.7 billion in annual losses in the US alone, affecting businesses of every size.
Both types share a common thread: the invoice is for something unexpected or unrecognised, and the requested action — call, click, or pay — is the mechanism of the fraud.
🚩 Red flags to watch for
- The sender's address isn't on the company's real domain (apple@transaction-confirm.net vs @apple.com; amazon-order@support-billing.com vs @amazon.com).
- The invoice is for a product or subscription you don't own and never ordered.
- A phone number is prominently placed for 'disputes' or 'cancellations' — real companies handle these through their websites, not phone lines in emails.
- For BEC scams: the bank account details on the invoice are different from those you've paid before, even if the rest of the document looks identical.
- Unusual urgency from a 'manager' or 'executive': 'I'm travelling, please process this payment today — I'll explain later.'
- The 'From' display name looks correct but the actual email address is different — check by clicking the sender name.
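
For anyone filtering mail for a team, the sender-domain and display-name checks above can be automated. The following is an added example, not part of the original page; the brand allow-list, the function names, and the sample headers are constructed assumptions.

```python
from email.utils import parseaddr

# Assumed allow-list (constructed): brand keyword -> domains it really sends from.
# Substring matching is deliberately simple; "pineapple" would also match "apple".
BRAND_DOMAINS = {
    "apple": {"apple.com"},
    "amazon": {"amazon.com"},
    "google": {"google.com"},
    "paypal": {"paypal.com"},
}

def sender_domain(from_header):
    """Lower-cased domain of the real address in a From header."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower()

def domain_matches(domain, allowed):
    """True only for an allowed domain or a true subdomain of one,
    so 'paypal.com.billing-check.example' does not pass as paypal.com."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def impersonated_brands(from_header):
    """Brands named in the display name, local part or domain whose
    real domain is not the one the message was sent from."""
    name, addr = parseaddr(from_header)
    domain = sender_domain(from_header)
    claimed = f"{name} {addr}".lower()
    return sorted(
        brand for brand, allowed in BRAND_DOMAINS.items()
        if brand in claimed and not domain_matches(domain, allowed)
    )

if __name__ == "__main__":
    # Constructed sample headers; the first two use the addresses quoted above.
    samples = [
        "Apple Support <apple@transaction-confirm.net>",
        "amazon-order@support-billing.com",
        "Apple <no_reply@email.apple.com>",
        "PayPal <service@paypal.com.billing-check.example>",
    ]
    for header in samples:
        flagged = impersonated_brands(header)
        verdict = "SUSPICIOUS " + ",".join(flagged) if flagged else "ok"
        print(f"{verdict:20} {header}")
```

A clean result only means the sending domain matches the brand; it says nothing about a compromised genuine account, which is why the bank-detail and call-back checks still apply.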
✅ What to do
1. For consumer invoices: don't call the number or click any links. Log in to your real account (Apple ID, Google, Amazon, PayPal) directly by typing the URL to check your purchase history.
2. For business invoices: verify any bank account change by calling the supplier on a number you already have on record — not a number from the email or invoice in question.
3. Never process a payment that bypasses your normal approval chain, regardless of urgency or seniority of the requester.
4. Report BEC attempts to the FBI's IC3 at ic3.gov — they have a dedicated recovery team that can sometimes claw back wire transfers if reported within 72 hours.
5. Delete and block the sender.
📣 Where to report (by country)
🇺🇸 United States
🇬🇧 United Kingdom
- Action Fraud
- Police Scotland — call 101
🇦🇺 Australia
🇨🇦 Canada
🌍 Everywhere else
- Contact your local police and your bank immediately
- If money was sent, ask your bank about a recall request — act within hours
Common questions
The invoice has my correct name and email. How did they get that?
Your name and email address are frequently in data breach databases available on dark web markets. Scammers buy these in bulk and use them to personalise mass-sent invoices, making them feel more targeted than they are.
A supplier I've worked with for years just sent a new bank account number. Should I update it?
Stop and call them first — on a phone number you already have in your records, not one from the email. BEC attacks specifically target established supplier relationships because they're trusted. Verify every bank account change by voice.
I clicked the link in a fake Apple invoice. What should I do?
If you didn't enter your Apple ID credentials, you're probably fine — but change your Apple ID password as a precaution and enable two-factor authentication. If you did enter credentials, change your password immediately and review your Apple account for unauthorized purchases.