Altered Invoice and Interception Fraud

How Altered Invoice and Interception Fraud Works

Overview: Fraudsters intercept genuine invoices sent by known vendors, alter the bank account details, and then forward them to the accounts department. This scam hits Indian businesses of all sizes, risking significant losses and damaging supplier relationships if undetected. How It Works: The scammer gains unauthorized access — often through phishing or compromised email accounts—or intercepts physical invoices. They edit key payment details, such as the bank IFSC or account number, before forwarding the invoice to the finance team. The accounts team, seeing what appears to be a routine invoice, processes the payment to the criminal’s account. India Angle: In India, this attack is seen in companies using email-based approval workflows or less secure ERP/email setups. Metro-area businesses, and those working with numerous regional suppliers, are particularly susceptible. Sometimes fraudsters call the accounts team, confirming they've sent 'corrected' invoices, further building trust. Hindi and English are common languages. Accounts professionals and mid-level managers are often targeted. Real Examples: An accounts executive in Delhi gets an email chain for a routine supply invoice — but the bank account details have been subtly altered, redirecting ₹6 lakh to a new account. Red Flags: Attachments from unusual sender address[ADDRESS_REDACTED] from previous records; requests to use a different payment method. Protective Measures: Always confirm invoice and bank details through an independent contact. Implement controls where invoices, POs, and delivery records must all match before payment. Train staff to look for email spoofing and irregularities; use secure email channels. If Victimised: Immediately notify your bank and request a recall or hold. Report online at cybercrime.gov.in and call 1930. Preserve all emails and invoice copies for the investigation. Related Scams: Email Account Compromise (taking over vendor email to send edited invoices); Mandate Change Scam (where only banking details are changed; see Item #1); Supply Chain Attack (intercepting communications between vendors and buyers).

How This Scam Works — Detailed Explanation

Altered Invoice and Interception Fraud involves a calculated approach by scammers to exploit businesses in India. Scammers typically begin by gathering information about target companies, often through social engineering or phishing attacks. They might compromise an email account of a vendor or use hacking techniques to access digital communications. They may also intercept physical invoices through other means, such as postal service delays or insider information, effectively setting the stage for the deception to unfold. Communication platforms such as WhatsApp or email are often used by both legitimate vendors and scammers, making it easier for them to blend in with the usual communications.

Once they have accessed the legitimate invoices, the scammers employ various tactics to alter the documents. They may change banking details like the IFSC code, account number, or even modify the invoice amounts slightly to avoid suspicion. Such minor alterations can easily go unnoticed, especially during busy financial periods within companies. They often invoke psychological tactics, such as creating urgency around payments, claiming that immediate action is required to secure services, discounts, or avoid disruptions. This sense of urgency leverages the busy nature of finance departments, making staff more likely to overlook red flags.

Victims of this scam typically follow a defined pathway. An employee in the accounts department receives a seemingly standard invoice via email, which appears to come from a trusted vendor. Without realizing the deception, the employee processes the payment based on the provided details. For instance, if a business in Delhi receives an invoice for ₹5 lakh from a regular software vendor, but it has undergone adjustments to the account details, a few careless clicks could lead to a loss. Recent reports indicate that Indian businesses faced a total loss of ₹1,000 crore in 2022 alone, primarily due to this scam.

The impact of Altered Invoice and Interception Fraud extends beyond immediate financial losses. Businesses may lose credibility with their vendors, resulting in strained supplier relationships. Losses can lead to layoffs or even company closures, particularly affecting small and medium enterprises (SMEs) that may not have the financial buffer to withstand such shocks. Regulatory authorities like the Ministry of Home Affairs (MHA) and the Reserve Bank of India (RBI) have issued guidelines urging businesses to enhance their financial transaction security. CERT-In has reported multiple advisories, warning companies to stay alert against such sophisticated phishing attacks.

To distinguish between a legitimate invoice and a phishing attempt, businesses should scrutinize all incoming communications closely. Look for known red flags like invoices from unusual email addresses or minor discrepancies in supplier contact details. If there’s an urgent payment request that seems disproportionate to previous invoices, it’s crucial to verify the details directly with the vendor through a known contact method, not via the provided information on the invoice. Confirming all critical details can prevent financial disasters down the line.

Visual Intelligence:

BharatSecure's AI has identified this as a used in scams targeting Indian users.

Who Does Altered Invoice and Interception Fraud Target?

General public across India

Red Flags — How to Identify Altered Invoice and Interception Fraud

• Invoices sent from unfamiliar email addresses
• Minor changes in supplier contact numbers or emails
• Small, unexplained difference in usual invoice amounts
• Attachments with altered payment instructions
• Requests for urgent payment processing

What To Do If You Encounter Altered Invoice and Interception Fraud

1. Report any suspicious invoices immediately at 1930 or cybercrime.gov.in.
2. Verify all invoice details directly with the vendor through official contact numbers.
3. Review and update internal financial verification processes to include strict double-checks.
4. Train staff to identify phishing attempts and implement security awareness practices.
5. Monitor your bank statements regularly for unfamiliar transactions.
6. Consider using two-factor authentication for critical financial accounts.

How to Report Altered Invoice and Interception Fraud in India

• Call 1930 — National Cyber Crime Helpline (24x7)
• File a complaint at cybercrime.gov.in
• Contact your bank immediately if money was lost
• Call RBI helpline: 14440 for banking fraud

Frequently Asked Questions

What to do if I shared my bank details in an Altered Invoice scam?

Immediately contact your bank helpline such as SBI at 1800-11-1109 to alert them of potential fraud.

How to identify an Altered Invoice scam?

Look for invoices from unfamiliar email addresses, small differences in amounts, and urgent payment requests.

How can I report this type of scam in India?

You can report it at the cybercrime helpline 1930 or visit cybercrime.gov.in to file a complaint.

What steps should I take to recover money after falling victim to this scam?

Contact your bank immediately and report the transaction; they might be able to reverse it if done within a short timeframe.

Related Scams in India

• AI Deepfake & Synthetic Document Scams
• AI Deepfake Bank Alert Scams
• AI Deepfake Exchange Impersonation
• AI Deepfake Executive Authorization Scam
• AI Deepfake Executive Impersonation (BEC)

Verify Any Suspicious Message

Check any suspicious message, link, or call for free at bharatsecure.app. BharatSecure uses AI to detect scams in real-time and protect Indian users.