Protect yourself
Kia pare i a koe i ngā tāware nama

Protect yourself from invoice scams

Online scammers may pretend to be someone you know or trust and send you fake invoices to trick you into paying them.

3 min read

Why it matters 

Invoice scams affect both individuals and businesses.  

Scammers will send you fake invoices, hoping to trick you into paying them and leave you out of pocket. At the same time, the business or organisation they imitate could suffer financial and reputational loss because the money they are owed goes to a scammer instead and their online security is compromised. 

If you’ve been affected by an invoice scam, find out how to get help.

Get help now

The risks 

If you pay a scammer instead of the business or organisation you were trying to pay, it can be difficult to recover the money – and you may still owe money to the real vendor.  

How to protect yourself

  • Don’t pay invoices you weren’t expecting

    If you receive an invoice for any goods or services that you didn’t ask for or receive, contact the sender directly to confirm it’s legitimate. Do not use the contact details on the invoice but use the sender’s publicly listed number or the phone number you usually contact them on. 

  • Double check if payment details change

    If the email or invoice requests a change to the payment information, such as bank account details, you should be suspicious immediately. Verify the change via publicly available contact details, do not reply to the email.

  • Know what real payment requests look like

    Make sure you know how the companies will contact you. For example, Inland Revenue will not send you the amount to pay in an email and will ask you to log in to your myIR account instead. Service providers like electricity companies or internet and phone providers will send you invoices only on certain days of the month and are unlikely to change bank account numbers. If you feel something is off, contact the sender directly via their official channels. 

  • Verify the invoice with the sender

    You may suspect an invoice to be a scam because you weren’t expecting it, or because it looks different to a previous invoice. The best way to know for sure is to contact the sender directly. Remember to use the sender’s publicly listed contact details. 

  • Check the email address

    Check that the sender’s email address is the same as the address listed on their official website, or that it’s the same address that they usually contact you from. 

    A legitimate email from a bank, company, or government agency won’t end in the name of a free email service such as Hotmail or Gmail. Check that the text after the @ matches the name of the organisation’s website. 

Get help

If you paid an invoice and are now concerned it is a scam, contact your bank immediately. They may be able to recover the money.

Also report it to CERT NZ for further advice and so that we can alert the company that is being impersonated. 

Report to CERT NZ(external link)

You can also email info@certnz.govt.nz for guidance on spotting an invoice scam.  

If you have a dispute with the business or organisation you think you paid, you may need legal advice. You can get free and independent advice from your local Community Law or Citizens Advice Bureau.

Citizens Advice Bureau(external link)  

Community Law(external link)

Disputes up to $30,0000 can be heard in the Disputes Tribunal, including those between businesses and customers about the payment of invoices. 

Disputes Tribunal(external link)