20 Practical Steps to Stop Fake Invoice & Urgent-Request Scams


1. Implement a Mandatory Callback Rule

No invoice change or urgent payment is approved without calling the requester using the number on file, not the number in the email.

2. Enforce a Two-Person Approval Workflow

At least two people must review:

  • bank detail changes
  • large payments
  • invoices outside standard ranges

3. Create “Out-of-Band Verification” Channels

Employees must confirm suspicious requests through Slack, Teams, or phone—not email.

4. Require Vendor Bank Details Verification Every 6 Months

Reconfirm account numbers through a human-to-human check with the vendor’s finance team.

5. Activate DMARC, DKIM, and SPF Enforcement

Stop spoofed domains long before they reach inboxes. Use tools such as PowerDMARC to automate DMARC, DKIM, and SPF enforcement, monitor authentication results in real time, and streamline the transition to stricter policies without disrupting legitimate email flow.

6. Block Lookalike Domains Automatically

Configure your email security tools to highlight or flag sender domains that differ from a trusted domain only by visually similar letter swaps (e.g. “rn” in place of “m”, or “l” in place of “I”).
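One way to implement this letter-swap check is a "skeleton" comparison: fold visually similar sequences to a canonical form and flag any sender domain that is not on the trusted list but collides with one after folding. This is an added Python example, not code from the original post; the trusted-domain list, the confusable map and the sample addresses are constructed assumptions.

```python
import re

# Constructed trusted list: domains the finance team actually deals with.
TRUSTED_DOMAINS = {"example.com", "acme-supplies.com"}

# Confusable sequences, applied to the lowercased domain before comparison.
# Multi-character swaps are folded first so "rn" collapses to "m" as the
# page describes; single characters then map "l"/"1" to "i" (uppercase "I"
# already lowercases to "i" because domains are case-insensitive).
MULTI_CONFUSABLES = {"rn": "m", "vv": "w"}
SINGLE_CONFUSABLES = str.maketrans({"l": "i", "1": "i", "0": "o", "5": "s"})


def skeleton(domain: str) -> str:
    """Reduce a domain to a form where lookalike spellings collide."""
    d = domain.strip().lower().rstrip(".")
    for seq, rep in MULTI_CONFUSABLES.items():
        d = d.replace(seq, rep)
    return d.translate(SINGLE_CONFUSABLES)


def sender_domain(address: str) -> str:
    """Extract the domain from 'Name <user@host>' or a bare 'user@host'."""
    m = re.search(r"@([A-Za-z0-9.-]+)>?\s*$", address)
    return m.group(1).lower() if m else ""


def lookalike_verdict(address: str, trusted=TRUSTED_DOMAINS):
    """Classify the sender of an address against the trusted list.

    Returns (verdict, trusted_domain):
      'trusted'   exact match to a trusted domain
      'lookalike' not trusted, but collides with one after skeletonising
      'unknown'   no resemblance to any trusted domain
    """
    dom = sender_domain(address)
    if dom in trusted:
        return ("trusted", dom)
    sk = skeleton(dom)
    for t in trusted:
        if skeleton(t) == sk:
            return ("lookalike", t)
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed sample senders: one genuine, two lookalikes, one unrelated.
    for addr in ("ap@example.com", "Acme Billing <ap@exarnple.com>",
                 "invoices@acme-supp1ies.com", "news@other.org"):
        print(addr, "->", lookalike_verdict(addr))
```

A domain that collides with a trusted one is a review trigger, not proof of fraud; route it to the callback rule in step 1 rather than auto-blocking.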

7. Train Employees Monthly With Real Examples

Provide micro-trainings on spotting:

  • subtle typos
  • fake urgency
  • tone differences
  • domain lookalikes

8. Use Warning Banners on External Emails

A bright banner “⚠️ External Sender” reduces trust and slows down automatic reactions.

9. Remove “VIP Exemptions” From Email Security

CEOs and executives must not be excluded from spam/phishing filters.

10. Establish a “No Rush Payments” Policy

If a request is urgent, it must go through a special verification route, not a fast-track.

11. Create a Dedicated Fraud and Payment Security Playbook

Employees need a clear checklist to follow when something feels off.

12. Automate Invoice Pattern Alerts

If an invoice amount, format, or frequency changes unexpectedly, finance receives an alert.

13. Disable Macros Across the Organization

Macro-enabled documents (.xlsm, .docm) should be blocked unless explicitly approved.

14. Limit Who Can Approve Vendor Changes

Restrict vendor profile edits to one or two trained individuals with MFA.

15. Turn on Geolocation-Based Login Alerts

If attackers compromise a vendor email account, you’ll see unusual country login attempts.

16. Enforce Strong MFA for Finance & Executive Accounts

Finance teams and leadership must use app-based MFA, not SMS.

17. Store Vendor Contract Info in a Centralized System

Remove invoice handling from scattered emails; keep everything inside a secure platform.

18. Run Quarterly “Invoice Drills”

Simulate fake invoices and urgent requests to measure employee reaction times and errors.

19. Create a “Report Suspicious Email” Button

Make it one click for employees to submit an email to security.

The easier it is, the more they’ll report.

20. Build a Culture Where Employees Feel Safe Asking Questions

No one should ever fear getting in trouble for double-checking a request from leadership.

Culture kills scams more effectively than any tool.
