Altered Invoice and Interception Fraud — How to Identify & Stay Safe

INDIA — By BharatSecure Threat Intelligence Team · Updated May 29, 2026

Severity: HIGH | View Full Scam Details

Altered Invoice and Interception Fraud in India 2026: How Businesses Are Targeted by Phishing Scams

Altered Invoice and Interception Fraud is a rising cyber threat targeting Indian businesses, causing major financial losses by hijacking legitimate vendor communications.

What Is the Altered Invoice and Interception Fraud?

Altered Invoice and Interception Fraud is a sophisticated phishing scam where fraudsters intercept or hack into the invoicing process between vendors and businesses. Instead of random individual targets, this scam primarily aims at companies—especially Small and Medium Enterprises (SMEs) in India—that regularly conduct transactions using invoices. Because these businesses trust their vendors and use common communication channels like email and WhatsApp, fraudsters blend in easily.

In recent years, this scam has become more widespread due to increased digitalisation of invoicing and payment systems. According to public complaints reported to Indian cybercrime authorities and advisories from bodies like CERT-In and the Indian Cyber Crime Coordination Centre (I4C), the scam is frequently executed through compromised email accounts or intercepted physical mail. Although precise national statistics are hard to find, many businesses in metro cities and tier-2 locations have reported financial losses ranging from several lakhs to crores of rupees.

While the Reserve Bank of India (RBI) regularly issues warnings about phishing and payment frauds, CERT-In has emphasised that interception of business communications poses a higher risk as it targets trusted vendor relationships. This is especially critical with payments made via UPI IDs or bank transfers on invoices, since altered invoice details can divert funds to fraudulent accounts.

How This Scam Works — Step by Step

1. Information Gathering: Scammers identify a target business and its legitimate vendors by researching online or using social engineering tactics.
2. Compromising Vendor’s Communication: Fraudsters hack into the email account of a vendor or intercept physical invoices either by exploiting postal delays, insider help, or phishing the business's accounts.
3. Invoice Alteration: Once the invoice is accessed, scammers alter critical payment details such as bank account numbers or UPI IDs. The invoice may appear identical except for subtle changes.
4. Sending Fake Invoice to Buyer: The modified invoice is sent, often via WhatsApp, email, or SMS, impersonating the vendor’s communication style to avoid suspicion.
5. Payment by the Victim: The targeted company, trusting the invoice, processes the payment as usual. However, funds go to the scammer’s fraudulent account.
6. Delayed Discovery: The difference may only be realised during reconciliation or vendor follow-up, often after the money has been withdrawn or laundered.
7. Difficulty in Recovery: Victims face hurdles in reversing UPI or NEFT transactions, especially if the scammer’s account is quickly closed or untraceable.

Real Warning Signs to Watch For

• Invoice suddenly sent from a new or unusual email ID or WhatsApp number different from the usual vendor contact.
• Changes in bank account or UPI ID details, especially with minor spelling variations (e.g., us@bank vs. us@banc).
• Requests for urgent payment through WhatsApp or SMS, pressuring to bypass usual protocols.
• Poor grammar, spelling errors, or subtle formatting changes in an invoice that normally appears professional.
• Emails or messages without digital signatures or that avoid usual vendor verification.
• Payment request outside regular billing cycles or without corresponding purchase orders.
• Vendors contacting after payment asking if funds were received when you have no record of payment.

What Happens to Victims

Victims of this scam often suffer significant financial losses. Because many Indian businesses rely on immediate payments via UPI or bank transfers, the funds sent to fraudulent accounts are hard to recover. While RBI allows limited UPI payment reversals under exceptional circumstances, most cases depend on cooperation from banks and law enforcement, which can be slow.

The emotional toll on business owners can be severe. Trust with real vendors gets strained, and in the age of Aadhaar-enabled digital signatures, victims fear larger identity misuse risks if their communication channels are compromised. Victims sometimes experience difficulties with their SIM cards if fraudsters misuse phone authentication to perpetuate the scam or commit follow-up fraud.

What RBI and CERT-In Say

The Reserve Bank of India has issued general advisories cautioning businesses against phishing and tampering with payment details, urging verification before fund transfers. RBI’s customer helpline and grievance redressal mechanisms encourage immediate reporting of suspicious transactions.

CERT-In advises Indian organisations to implement multi-factor authentication for email and payment portals and monitor for unusual network activity. They also recommend using secure communication platforms and limiting sharing of sensitive invoice information via unsecured WhatsApp or SMS messages.

The Indian Cyber Crime Coordination Centre (I4C) provides a national cybercrime helpline number 1930, which citizens can dial to report phishing and fraud incidents. Additionally, businesses can file complaints on the cybercrime.gov.in portal to initiate investigations.

How to Protect Yourself

1. Always verify invoice details through a known, trusted communication channel before making any payments.
2. Use digital signatures or encrypted email services to validate vendor invoices.
3. Notify your finance team to flag any last-minute changes in payment instructions.
4. Avoid sharing payment credentials or invoice copies over unsecured platforms like WhatsApp or SMS.
5. Enable multi-factor authentication (MFA) on all email accounts related to business communications.
6. Train staff regularly on social engineering and phishing risks related to invoicing processes.
7. Immediately report suspicious vendor communications and verify directly via phone numbers known from previous transactions.

What to Do If You've Been Targeted

If you suspect you have fallen victim to Altered Invoice and Interception Fraud:

• Immediately contact your bank and request a freeze or reversal of the transaction if possible.
• Call the national cybercrime helpline at 1930 to report the incident and seek guidance.
• File a complaint on the cybercrime.gov.in portal with all evidence such as emails, invoice copies, and transaction details.
• Inform vendors about the attack so they can secure their communication channels.
• Monitor your Aadhaar-linked accounts and UPI transactions closely for any suspicious activity.
• Consider legal consultation to explore civil and criminal remedies.
• Maintain records of all correspondence for police or enforcement authorities.

Frequently Asked Questions

Q: Can I reverse a payment sent to a scammer’s account through UPI?
Generally, UPI payments are instant and irreversible. However, if you act quickly and report to your bank and the 1930 helpline, they may initiate a recovery process depending on the situation. The key is not to delay reporting.

Q: How can I differentiate a legitimate vendor invoice from a fake or altered one?
Look for changes in email IDs or phone numbers, cross-check bank details directly with the vendor via a trusted phone call, and verify digital signatures if available. Be cautious of unexpected requests and formatting inconsistencies.

Q: What role does WhatsApp play in these scams?
WhatsApp is commonly used by businesses and vendors for convenience but is also exploited by fraudsters impersonating vendors. Since WhatsApp messages are easy to spoof or hijack, never rely on WhatsApp alone to confirm payment instructions.

For any suspicious invoice or payment request, don’t hesitate to verify the message at BharatSecure.app and report fraud immediately at the national cybercrime helpline 1930.

Disclaimer: This article describes a pattern of fraud reported in public sources for public-safety awareness. It is not legal, financial, or medical advice. To request correction or removal of any content, write to hello@bharatsecure.app.