Fake Invoice Fraud: How Scammers Target Veterinary Practice Payments

Most cyberattack stories involve something dramatic — a locked system, a ransom note, a screen full of warnings. Invoice fraud isn't like that. It involves a single, ordinary-looking email and a payment your practice fully intended to make. The money just goes to the wrong place.

That quietness is exactly why it works against veterinary practices. There's nothing to notice, no alarm, no malware to detect — until a real supplier calls weeks later asking where their payment is.

How the Scam Works

Your practice pays the same set of suppliers every month — a distributor, a reference lab, a few contractors. Invoice fraud impersonates one of them. The attacker sends an invoice that looks routine, except for one detail: the bank account to pay into is new. A short, plausible note explains it — “we've updated our banking,” “please use our new remittance details.”

Whoever handles payments sees a familiar supplier, a familiar amount, and a routine request. They update the payee and pay. The money lands in the criminal's account, and the genuine invoice is still outstanding.

Why It's So Convincing

The most effective version of this scam starts earlier, with a phished password. If an attacker has read a practice's email — see our guide to how breaches start in a veterinary practice — they can see your real suppliers, real invoice formats, and real amounts and timing. The fake invoice they send then matches everything a busy office would check at a glance.

Even without inbox access, attackers lean on the names every practice knows — major veterinary distributors and reference labs — because impersonating a supplier you definitely use is a safe bet. This is a veterinary-flavoured version of business email compromise, the costliest cyber threat to small businesses generally.

The Red Flags

Invoice fraud almost always carries the same tells:

A change of payment details.This is the big one. Genuine suppliers rarely change bank accounts, and when they do it isn't urgent. Treat any payment-detail change as suspect until proven otherwise.

Urgency.“Please process today,” “the account closes Friday,” “this is overdue.” Pressure exists to stop the payer from pausing to verify.

Reply-to and domain oddities. A look-alike domain, a slightly wrong sender address, or a reply that quietly routes elsewhere.

Channel changes. A supplier who normally posts invoices suddenly emailing one, or a request to move the conversation to a personal address.

The Controls That Stop It

Invoice fraud attacks a process, so the strongest defences are process controls — backed by the technical basics.

The single most powerful one is the verification call. Any change of payment details gets confirmed by phoning the supplier on a number you already have on file — never a number, link, or contact from the email itself. It takes two minutes and it defeats the entire scam, because the criminal can't answer that call.

The Bottom Line

Invoice fraud doesn't break into your practice — it walks your own payment process into handing money to a stranger. There's nothing for antivirus to catch, which is why the defence is a habit: changes to payment details are always verified, out of band, before a cent moves.

Pair that habit with the technical basics — email security and MFA so attackers can't read your invoices in the first place — and the scam stops working. If you'd like help putting both in place, see our cybersecurity for veterinary practices.