Don’t Get Reeled In: A Small Business Guide to Spotting ‘Phantom Invoice’ Scams

Jul 2, 2025 | Article

As a business owner, you wear many hats: CEO, finance department, and often, the IT helpdesk. You’re busy. You’re focused on growth. The last thing you need is a phantom invoice derailing your hard-earned success. But in today’s digital world, the risk of payment fraud is higher than ever, and small and medium-sized businesses (SMBs) are squarely in the crosshairs.

These aren’t the badly spelled emails from a foreign prince we all learned to ignore. Modern scams are sophisticated, targeted, and designed to create a sense of urgency that bypasses common sense. They go by names like ‘Invoice Redirection’ or ‘Business Email Compromise’ (BEC), but the goal is the same: to trick you or your team into sending money to a criminal’s bank account.

The scary part? For a small business, a single incident can be devastating. With an average loss of around £4,000, it’s a direct hit to your bottom line.

So, how do you protect your business? It starts with knowing what to look for.

The Fraudster's Playbook: Know the Red Flags

Criminals are doing their homework. They study your company website, your social media, and supplier relationships to make their fake requests look incredibly real. But no matter how clever, they often leave clues. Here’s your checklist for spotting a phantom invoice:

  • Check the “From” Address. Really Check It. It might display a familiar name, but the email address itself can tell a different story. Hover your mouse over the sender’s name to reveal the actual address. Look for subtle misspellings (like supplier@company.co instead of .com), character substitutions (using ‘rn’ to mimic an ‘m’), or a public email address (like Gmail) being used for official business.

  • “Urgent Action Required!” – The Pressure Tactic. Fraudsters love to create panic. They use phrases like “urgent payment needed to avoid disruption” or “this is a confidential matter” to rush you into making a mistake. This is a psychological trick designed to make you bypass normal procedures. Don’t fall for it.

  • A Sudden Change of Bank Details. This is the classic invoice redirection scam. You receive an email, seemingly from a regular supplier, notifying you of new bank details. An unprompted email should never be the only way you accept such a critical change. Ask yourself: Is the new bank in a strange location? Is the beneficiary now a personal name instead of a company?

  • Trust Your Gut. Does the email just feel… off? Perhaps a supplier who is usually informal is now sending a very blunt, formal request. Or maybe the formatting looks strange. These subtle shifts can be a sign that something is wrong.
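
The “From” address checks in the list above (wrong ending such as .co for .com, ‘rn’ standing in for ‘m’, a public mailbox used for official business) can be partly automated. The Python below is an added example, not part of the original article; the supplier domains, the public-mailbox list and the look-alike pairs are constructed assumptions to replace with your own records.

```python
from email.utils import parseaddr

# Assumed, constructed data: replace with the domains of suppliers you already have on file.
KNOWN_SUPPLIER_DOMAINS = ("company.com", "acme-supplies.co.uk")
PUBLIC_MAIL_DOMAINS = {"gmail.com", "outlook.com", "hotmail.com", "yahoo.com"}
# Character sequences that look like another character at a glance.
LOOKALIKES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))

def skeleton(domain):
    """Collapse look-alike sequences so 'cornpany' and 'company' compare equal."""
    for fake, real in LOOKALIKES:
        domain = domain.replace(fake, real)
    return domain

def edit_distance(a, b):
    """Levenshtein distance: the number of single-character edits between a and b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(from_header):
    """Return the red flags raised by the real address in a From header."""
    _display_name, address = parseaddr(from_header)  # ignore the display name
    if "@" not in address:
        return ["no-valid-address"]
    domain = address.rpartition("@")[2].lower()
    if domain in KNOWN_SUPPLIER_DOMAINS:
        return []  # exact match with a supplier on file
    flags = []
    if domain in PUBLIC_MAIL_DOMAINS:
        flags.append("public-mailbox")
    for known in KNOWN_SUPPLIER_DOMAINS:
        if skeleton(domain) == skeleton(known):
            flags.append("character-substitution:" + known)
        elif domain.split(".")[0] == known.split(".")[0]:
            flags.append("tld-swap:" + known)
        elif edit_distance(domain, known) <= 2:
            flags.append("misspelling:" + known)
    return flags

if __name__ == "__main__":
    for header in ("Accounts <supplier@company.co>",          # constructed samples
                   "Accounts <accounts@cornpany.com>",
                   "ACME Supplies <acme.billing@gmail.com>"):
        print(header, "->", check_sender(header))
```

An empty result only means the sending domain matches one on file; an email sent from a supplier's compromised mailbox passes this check, so a change of bank details still needs the phone call described in the action plan.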

Your Action Plan: From Spotting to Stopping

The Golden Rule: Voice Verification

If you receive any request to change payment details, pick up the phone. Crucially, use a number you already have on file from previous, legitimate business – not the number listed in the suspicious email. A quick call to a trusted contact can stop a fraudster in their tracks.

The Two-Person Rule

For critical changes like amending supplier bank details, require two people to sign off on it. One person can initiate the change after verification, but a second person should always review and approve it. This simple “dual control” can prevent a costly mistake.

Empower Your Team

The most important defence is a vigilant, well-informed team. Train your staff on what to look for and, most importantly, create a culture where it is always okay to pause and question a request, even if it seems to come from senior management. A few minutes of delay for verification is a tiny price to pay to avoid a major financial loss.

What If the Worst Happens?

If you suspect you’ve made a fraudulent payment, time is of the essence.

  • Contact your bank immediately. If the transfer was recent, they may be able to recall the funds.

  • Report it to Action Fraud. This is the UK’s national reporting centre for fraud and cybercrime.

  • Preserve the evidence. Don’t delete the suspicious emails. They are vital for any investigation.

Running a business is hard enough without having to worry about criminals trying to empty your bank account. By understanding their tactics and implementing these simple, robust checks, you can significantly reduce your risk and keep your finances safe.

Worried about a suspicious email?

Your antivirus didn't stop it, and now you're left wondering if it's safe. At Security Affairs Limited, we offer a simple, pay-as-you-go analysis service. Securely forward us that suspicious email, and our UK-based experts will give you a definitive, plain-English report on what it is and what to do next.

No jargon, just clarity.