What are altered invoice scams?
This scam is a tricky one, as it usually involves an invoice or request for payment that you were expecting, and the invoice looks like it has come from the business it's supposed to come from.
The only visible differences are:
- the bank account number has been altered on the invoice
- you may receive a follow-up email from the business requesting to change their account number.
If scammers gain access to a business' email account, they’ll read the emails for a couple of weeks to see when large payments are due. The scammer may then send an email from the business’ email address asking the customer to pay into a different bank account, claiming the business has recently changed banks.
Tips to avoid altered invoice scams
Businesses as well as customers can be affected by this type of scam, whether they're sending or receiving an invoice.
Sending an invoice
- Communicate verbally if your business changes its bank account number.
- Strengthen your email security with strong passwords and two-factor authentication where possible.
- Set up logging on your business’ email to track unusual login attempts and pay particular attention to strange login times.
Receiving an invoice
- Limit the number of people in your business who are authorised to make purchases or pay invoices.
- Check invoices before paying them. Do they look legitimate? If the account number has changed, it's always a good idea to call the business to check they have in fact changed their bank account. Use the business' number saved in your phone or on their official site, not the number listed on the invoice.
- Have a list of suppliers you use and if you're a business, get new suppliers approved before using them. When you receive an invoice, check the supplier against this list to make sure the invoice is from an expected supplier.
- Before paying an invoice, check to see if the item has been received first. Always confirm if goods or services have been requested and received by others in your business or household before paying an invoice.
- When making payments online, use Confirmation of Payee to check that the account owner name matches the account number of the person or business you're paying.
- If you're paying a recurring invoice, ensure the invoiced amount is roughly what you normally pay.
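For a business that pays invoices through an accounts system, the checks in the list above can run automatically before a payment is released. The following is an added example, not Kiwibank's own code; the supplier name, account numbers, past amounts and the 25% tolerance for "roughly what you normally pay" are all constructed assumptions.

```python
import re
from statistics import median

# Constructed approved-supplier list (hypothetical supplier and account number).
APPROVED_SUPPLIERS = {
    "Example Plumbing Ltd": {
        "account": "00-0000-0000001-00",
        "past_amounts": [410.00, 395.50, 420.00],
    },
}


def normalise_account(account: str) -> str:
    """Keep digits only, so spaces or hyphens neither hide nor fake a change."""
    return re.sub(r"\D", "", account)


def check_invoice(supplier, account, amount, goods_received, tolerance=0.25):
    """Return the reasons to hold a payment; an empty list means no flags.

    tolerance is an assumed threshold: the allowed fraction of deviation
    from the median of past payments to this supplier.
    """
    record = APPROVED_SUPPLIERS.get(supplier)
    if record is None:
        # Unknown supplier: nothing on file to compare against, so stop here.
        return ["supplier is not on the approved list"]

    flags = []
    if normalise_account(account) != normalise_account(record["account"]):
        flags.append("account number differs from the one on file: call the "
                     "supplier on a known number, not the one on the invoice")
    if not goods_received:
        flags.append("goods or services not confirmed as received")
    usual = median(record["past_amounts"])
    if abs(amount - usual) > tolerance * usual:
        flags.append(f"amount {amount:.2f} is not close to the usual {usual:.2f}")
    return flags


if __name__ == "__main__":
    # Constructed invoice: expected supplier and amount, but altered account.
    for reason in check_invoice("Example Plumbing Ltd",
                                "00-0000-0000999-00", 405.00, True):
        print("HOLD:", reason)
```

A flag means the payment is held for a person to verify; it does not replace the phone call to the supplier or Confirmation of Payee.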
Helpful resources
What to do if you've been scammed
Anyone can fall for a scam. If you suspect that you've been scammed, get in touch with us as soon as possible.
Get in touch
Call us on 0800 113 355 (or +64 4 473 1133 from overseas) if you think you've been scammed.
Report suspicious activity
If you think you’ve been sent an email that doesn’t look like it’s from us, forward it to suspicious.email@kiwibank.co.nz.