Last month, a plumber in Taunton forwarded me an email that made my blood run cold. It looked like a perfectly normal invoice from his regular supplier — right logo, right colours, even the right account manager's name. But something wasn't quite right. The payment details had changed, and they wanted £3,400 transferred immediately.
It was fake. And if he'd paid it, that money would've vanished forever.
I've been helping Somerset businesses with their online presence for over 40 years, and fake invoice emails have become the number one threat I warn my customers about. They're getting cleverer, more convincing, and they're specifically targeting small businesses across Taunton, Bridgwater, and the wider South West.
Why Fake Invoice Emails Work So Well
These scammers aren't amateurs. They do their homework. They know which suppliers you use, roughly when you pay them, and even how much you typically spend. How? Social media, company websites, even innocent conversations overheard in the Crown & Sceptre.
A café owner in Watchet told me about six months ago how she nearly fell for one. The fake invoice arrived on the exact day she usually paid her coffee supplier. Same format, same amount — just different bank details. She only spotted it because the sort code was for a bank in Manchester, not Bristol where her supplier was based.
Remember this: Real suppliers rarely change their bank details. When they do, they'll send a letter, phone you, or both. They won't just slip new details into an email invoice.
The scary part? These emails often come from addresses that look legitimate. Instead of payments@suppliercompany.co.uk, it might be payments@supplier-company.co.uk or payments@suppliercompany.com. Spot the difference? Most people don't when they're rushing through emails on a Monday morning.
The Tell-Tale Signs to Watch For
After four decades of dealing with this stuff, I can usually smell a fake invoice email within seconds. Here's what gives them away:
The Email Address Doesn't Match
This is your first line of defence. Hover over the sender's name (don't click!) and check the actual email address. I helped a B&B owner in Minehead earlier this year who received an 'invoice' from British Gas. The display name said "British Gas Business", but the email came from britishgas-billing@outlook.com. British Gas don't use Outlook for business invoices!
Urgent Payment Demands
Legitimate businesses understand cash flow. They don't suddenly demand payment within 24 hours when you've been on 30-day terms for years. If an invoice screams urgency — especially with threats about cutting off services — that's a massive red flag.
Changed Payment Details
This is the big one. Any email asking you to update payment details should trigger your spider senses. A genuine supplier changing banks will notify you properly, usually with a formal letter on headed paper. They might follow up with a phone call. They won't just change the details on an invoice and hope you notice.
£245 million lost to invoice fraud
UK businesses lost £245 million to invoice and mandate fraud in 2023, according to UK Finance. The average loss per business? £76,000 — enough to sink most small companies.
Poor Grammar or Odd Phrasing
Not all scammers are Shakespeare. Look for weird spacing, random capitalisation, or phrases that just sound... off. "Please to make payment immediately to avoid service disrupting" isn't how your accountant writes.
What Taunton Businesses Should Do Right Now
Protection starts with preparation. Here's what I tell every business owner from Williton to Bridgwater:
Create a Supplier Contact List
Keep a simple spreadsheet with your regular suppliers' genuine contact details and bank information. When an invoice arrives, check it against your list. Takes 30 seconds, could save you thousands.
Set Up Invoice Verification
For any invoice over £500, make a quick phone call to verify it's genuine. Use the number from your records, not the one on the suspicious invoice. Yes, it takes time. No, it's not paranoid — it's professional.
Train Your Team
If you've got staff handling payments, make sure they know about fake invoices. A shop owner in Bridgwater lost £8,000 because their part-time bookkeeper didn't know to check. Spend an hour training them — it's the best investment you'll make.
My golden rule: If anything about an invoice feels wrong — the timing, the amount, the tone — pick up the phone. No legitimate supplier will mind you checking.
Real Examples from Somerset Businesses
I've collected some crackers over the years. About three months ago, a holiday cottage owner near Exmoor sent me a 'final notice' from HMRC demanding immediate payment of £2,847 in unpaid corporation tax. Problem was, she ran her business as a sole trader — she didn't pay corporation tax!
Another classic from last month: a garage in Taunton received an invoice from their usual parts supplier. Everything looked perfect except one tiny detail — the invoice number format was different. Instead of INV-2024-1234, it was 2024/INV/1234. That tiny change saved them £4,200.
The most sophisticated attempt I've seen targeted a dental practice in Taunton. The scammers had cloned their equipment supplier's entire invoice template, right down to the terms and conditions small print. The only giveaway? The bank sort code belonged to a building society that doesn't offer business accounts.
Technical Tricks Scammers Use
Understanding how these emails work helps you spot them. Scammers use several clever techniques:
Display Name Spoofing
They can make any email appear to come from "Accounts Payable" or "Invoice Department" regardless of the actual email address. Always check the real address, not just the display name.
Domain Spoofing
They register domains that look almost identical to legitimate ones. I've seen tauntoncouncil.gov.uk spoofed as taunton-council.gov.uk and somersetwater.co.uk mimicked as somersetwaters.co.uk. One extra letter, and suddenly your payment goes to criminals.
Reply-To Manipulation
Some fake invoices come from one email address but set the 'reply-to' as a different one. So when you hit reply to query the invoice, your email goes straight to the scammer who'll reassure you everything's fine.
What to Do If You've Been Caught Out
First, don't panic. But do act fast:
- Contact your bank immediately — they might be able to recall the payment if you're quick
- Report it to Action Fraud on 0300 123 2040
- Tell your actual supplier so they can warn other customers
- Forward the email to report@phishing.gov.uk
- Change your email password — scammers might have access to your account
A Taunton retailer who'd been caught out contacted me in tears earlier this year. We managed to get £1,800 of the £3,000 back because she acted within two hours. Speed matters.
Free offer: If you're ever unsure about an invoice email, forward it to me. I'll take a look and tell you if it's legitimate — no charge, no obligation. It's just part of the service.
Simple Steps for Long-Term Protection
You don't need expensive software or complex systems. Just common sense and consistency:
Use separate emails for finances: Create a dedicated email address for invoices and payments. Keep it off your website, social media, and business cards. The fewer people who know it, the safer you are.
Enable two-factor authentication: Yes, it's a faff typing in codes. But it stops scammers accessing your email even if they guess your password. Every email provider offers it free.
Regular supplier audits: Every six months, check your supplier list. Remove old ones, verify current payment details, and make sure phone numbers still work. Boring? Yes. Important? Absolutely.
Create payment procedures: Even if you're a one-person business, write down your payment process. Check invoice, verify if unusual, confirm bank details, make payment, file confirmation. Follow it every time.
Running a business in Somerset is hard enough without losing money to scammers. These criminals specifically target small businesses because they know we're busy, trusting, and often working alone. But with a bit of knowledge and some simple procedures, you can protect yourself.
The plumber I mentioned at the start? He's now got a simple checking system that takes two minutes per invoice. He hasn't had a problem since, and he sleeps better at night. That's worth more than the time it takes to check.
Stay safe out there. And remember — if you get an invoice that doesn't feel right, trust your gut. Pick up the phone, send me the email, or pop round to your supplier. A bit of paranoia beats losing thousands any day of the week.
Sources
- UK Finance — 2023 fraud statistics and payment diversion fraud data
- Action Fraud — Official UK police advice on invoice fraud
- National Cyber Security Centre — Government guidance on defending against phishing