How to Spot Fake Invoices: A Complete Guide
Fake invoices are one of the most common fraud tactics used against businesses today. Through intercepted emails, spoofed vendors, or entirely fabricated documents, fraudsters routinely use modified or forged PDF invoices to redirect payments. Most fake invoices leave detectable traces if you know what to look for.
This guide covers the key red flags, technical verification steps, and business processes that help you catch fake invoices before they cause financial harm.
Why Invoice Fraud Is So Common
Invoices are high-value targets because they carry payment instructions. A single fraudulent invoice can redirect thousands or hundreds of thousands of dollars to a criminal account — and recovery is often impossible once the payment clears.
As covered in our article on how criminals modify PDF invoices, attackers use widely available PDF editing tools to change bank account numbers, amounts, and contact details while keeping the rest of the invoice looking identical to legitimate versions. The modifications can be nearly invisible to the naked eye.
Red Flags in Invoice Content
Before doing any technical analysis, a careful visual review can catch many fake invoices.
Formatting Inconsistencies
Compare the invoice against previous ones from the same vendor:
- Mixed fonts or misaligned text: Editing software sometimes introduces subtle font substitutions
- Blurry or pixelated elements: Text that was overlaid on an image may look slightly degraded
- Inconsistent spacing: Added or replaced text often has different character spacing than the original
Unusual Payment Details
This is the most common modification in invoice fraud:
- New bank account numbers: Criminals almost always change the payment destination
- Requests to pay to a personal account: Legitimate businesses use business accounts
- Different payment methods than usual: A vendor suddenly requesting wire transfers instead of ACH is suspicious
Generic or Missing Business Information
- Vague company names or missing tax IDs: Fabricated invoices often lack complete business details
- No street address or only a PO box: Legitimate vendors have registered business addresses
- Incomplete contact information: A real company wants to be reachable for payment inquiries
Spelling and Grammar Errors
Professional businesses proofread their invoices. Obvious typos, grammatical errors, or awkward phrasing that was not present in previous invoices from the same vendor are warning signs.
Suspiciously Round Numbers
Fraudsters sometimes use round figures like exactly $5,000.00 or $10,000.00 without itemized line items. Real invoices typically have specific amounts that reflect actual costs.
Technical Verification Steps
Visual inspection catches surface-level fraud. Technical analysis catches sophisticated modifications.
Check PDF Metadata with HTPBE
Upload the invoice PDF to HTPBE to verify whether it has been modified after creation. A modified invoice is a major red flag.
Key things to review in the analysis results:
- Modification status: If the PDF shows as “Modified,” the file was changed after it was generated
- Creation date: Does the PDF creation date match the invoice date? An invoice dated January 2024 but created as a PDF in March 2026 is highly suspicious
- Creator and Producer: Does the software match what this vendor typically uses? A company that always sends invoices from their accounting system should not suddenly send one created in a generic PDF editor
Compare Against Previous Invoices
If you have past invoices from the same vendor, upload both to HTPBE and compare the metadata:
- Do the Creator and Producer applications match?
- Are the PDF versions consistent?
- Does the creation workflow look the same?
Inconsistencies across invoices from the “same” vendor suggest the new one may have come from a different source.
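The metadata signals in this section can also be checked directly on the raw file. The Python below is an added example, not HTPBE's method or code from this site: it flags appended revisions (more than one %%EOF marker), a ModDate later than CreationDate, a creation date far from the invoice date, and a Producer not seen on the vendor's earlier invoices. The sample bytes, software names and 30-day threshold are constructed assumptions, and the regex reads only uncompressed literal-string Info entries.

```python
import re
from datetime import datetime, date

# Constructed sample: a PDF-like byte string, then the same file with an
# incremental update appended by a different tool. Names and dates are invented.
ORIGINAL = (b"%PDF-1.4\n1 0 obj\n<< /Creator (AcmeBooks Invoicing) "
            b"/Producer (AcmeBooks PDF Engine 4.2) /CreationDate (D:20240115093000Z) >>\n"
            b"endobj\ntrailer\n<< /Info 1 0 R >>\n%%EOF\n")
EDITED = ORIGINAL + (b"1 0 obj\n<< /Creator (AcmeBooks Invoicing) "
                     b"/Producer (Generic PDF Editor) /CreationDate (D:20240115093000Z) "
                     b"/ModDate (D:20260310141200Z) >>\nendobj\ntrailer\n<< /Info 1 0 R >>\n%%EOF\n")
INVOICE_DATE = date(2024, 1, 15)                # date printed on the invoice (assumed)
KNOWN_PRODUCERS = {"AcmeBooks PDF Engine 4.2"}  # seen on this vendor's past invoices (assumed)

def pdf_date(raw):
    """Parse a PDF date such as D:20260310141200Z; the timezone suffix is ignored."""
    m = re.match(rb"D:(\d{4})(\d{2})(\d{2})(\d{2})?(\d{2})?(\d{2})?", raw)
    return datetime(*(int(p) if p else 0 for p in m.groups())) if m else None

def info_fields(pdf):
    """Collect Info entries; the last occurrence wins, as it does after an incremental update."""
    out = {}
    for key in (b"Creator", b"Producer", b"CreationDate", b"ModDate"):
        hits = re.findall(rb"/" + key + rb"\s*\(([^)]*)\)", pdf)
        if hits:
            out[key.decode()] = hits[-1]
    return out

def review(pdf, invoice_date, known_producers, max_lag_days=30):
    """Return a list of flags that warrant a closer look before payment."""
    info, flags = info_fields(pdf), []
    if pdf.count(b"%%EOF") > 1:  # each saved revision ends with its own %%EOF
        flags.append("incremental-update")
    created = pdf_date(info.get("CreationDate", b""))
    modified = pdf_date(info.get("ModDate", b""))
    if created and modified and modified > created:
        flags.append("moddate-after-creation")
    if created and abs((created.date() - invoice_date).days) > max_lag_days:
        flags.append("creation-date-far-from-invoice-date")
    if info.get("Producer", b"").decode("latin-1") not in known_producers:
        flags.append("unfamiliar-producer")
    return flags

if __name__ == "__main__":
    for name, doc in (("original", ORIGINAL), ("edited", EDITED)):
        print(name, review(doc, INVOICE_DATE, KNOWN_PRODUCERS))
```

Linearized PDFs and files signed or annotated after export also contain more than one %%EOF, so a flag here is a reason to make the vendor callback, not proof of fraud.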
Verify Invoice Numbers
Check whether the invoice number follows the vendor’s sequential numbering system. Duplicate invoice numbers with different payment details, or numbers that skip unexpectedly, indicate fraud.
Business Verification Steps
Technical checks and visual review should be combined with direct vendor verification for any high-value invoice or when something appears unusual.
Contact the Vendor Through Official Channels
This is the most reliable step. Call the vendor using a phone number from their official website or your previous records — never from the invoice itself or from the email that delivered it. Ask them to confirm:
- Was this invoice actually sent by your company?
- Is the bank account number correct?
- Can you resend it from your official email?
Request a Resend
When in doubt, ask the vendor to resend the invoice directly from their verified email address. Compare the re-sent version with the one you received. If the re-sent version has different bank details, the original was fraudulent.
Cross-Check Against Purchase Orders
Every invoice should correspond to a purchase order or service agreement your company initiated. An invoice for goods or services you did not order, or a duplicated invoice for something already paid, requires immediate review.
What to Do If You Suspect a Fake Invoice
Before Payment
- Do not pay until verification is complete. Fraudsters create artificial urgency; legitimate vendors will wait while you verify.
- Report to your finance or fraud department. Do not handle it alone if there is a compliance team.
- Document everything. Save the suspicious email, the PDF, and any related communication before forwarding or deleting anything.
- Contact the legitimate vendor. Inform them their identity may have been used in a fraud attempt so they can alert their own customers.
After Payment
If payment was already made:
- Contact your bank immediately. Wire transfers can sometimes be recalled within 24–72 hours; act fast.
- File a report with the FBI IC3 (ic3.gov) if you are in the United States, or the equivalent fraud reporting body in your country.
- Document the metadata evidence. The HTPBE analysis report showing modification may be useful for your fraud report or insurance claim.
Prevention Best Practices
The most effective defense is a process that makes invoice fraud difficult to execute.
- Verify invoice PDFs routinely: Run all incoming invoice PDFs through a modification checker before processing payment
- Establish a vendor payment database: Maintain a verified record of bank account details for each vendor, updated only through confirmed direct contact with the vendor
- Require dual authorization for high-value payments: Two people must independently verify both authenticity (technical) and business validity (order confirmation) before payment is processed
- Train accounts payable staff: Regular training on invoice fraud tactics reduces the success rate of social engineering attacks significantly
- Never change bank details without a phone call: Any invoice or email requesting a bank account change should trigger a mandatory callback to the vendor before updating records
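The invoice-number check and the verified vendor payment database described in this guide can be enforced in the accounts payable workflow. The Python below is an added example, not code from this site: it compares an incoming invoice with the verified bank record and with previously paid invoices, flagging changed payment details, reused invoice numbers and unexpected jumps in numbering. The vendor name, account strings, record layout and `max_gap` threshold are constructed assumptions.

```python
import re

# Constructed data: a verified vendor record (updated only after a confirmed
# callback) and previously paid invoices. Account strings are placeholders.
VERIFIED = {"ACME-SUPPLY": {"account": "GB00 TEST 0000 0000 0001"}}
HISTORY = [
    {"vendor": "ACME-SUPPLY", "number": "INV-1040", "account": "GB00TEST000000000001"},
    {"vendor": "ACME-SUPPLY", "number": "INV-1041", "account": "GB00TEST000000000001"},
]

def norm(account):
    """Normalise an account string so spacing and case cannot hide or fake a match."""
    return re.sub(r"[\s-]", "", account).upper()

def seq(number):
    """Numeric tail of an invoice number such as INV-1042, or None if there is none."""
    m = re.search(r"(\d+)$", number)
    return int(m.group(1)) if m else None

def check_invoice(inv, verified, history, max_gap=5):
    """Return flags that must be cleared by a callback before the invoice is paid."""
    flags, record = [], verified.get(inv["vendor"])
    if record is None:
        flags.append("vendor-not-in-verified-database")
    elif norm(inv["account"]) != norm(record["account"]):
        flags.append("bank-details-differ-from-verified-record")
    past = [h for h in history if h["vendor"] == inv["vendor"]]
    for h in past:
        if h["number"] == inv["number"]:
            same = norm(h["account"]) == norm(inv["account"])
            flags.append("duplicate-invoice" if same
                         else "duplicate-number-different-payment-details")
    nums = [seq(h["number"]) for h in past if seq(h["number"]) is not None]
    n = seq(inv["number"])
    # Expect the next number to follow the latest paid one within a small gap.
    if nums and n is not None and n not in nums and not (max(nums) < n <= max(nums) + max_gap):
        flags.append("number-out-of-sequence")
    return flags

if __name__ == "__main__":
    incoming = {"vendor": "ACME-SUPPLY", "number": "INV-1041",
                "account": "GB00 TEST 9999 9999 9999"}
    print(check_invoice(incoming, VERIFIED, HISTORY))
```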
Conclusion
Spotting a fake invoice requires combining visual inspection, technical metadata verification, and direct vendor communication. No single step is sufficient — fraudsters can produce invoices that pass visual inspection, and technical verification alone does not confirm the document came from the correct vendor.
The combination of checking PDF authenticity with HTPBE, reviewing creation metadata, and confirming directly with the vendor through official channels catches the vast majority of invoice fraud attempts.
For more on how criminals technically modify PDF invoices and the methods they use, see our detailed article: Invoice Fraud: How Criminals Modify PDFs to Steal Money.