Fake Invoice Email Checklist.
How to spot suspicious invoices, spoofed vendors, changed remittance details, and urgency language before payment. Use this as a practical pre-payment checkpoint, then turn the process into a reusable workflow with the BEC Defense Pack.
Run these steps before approval. Make the decision visible and documented before payment leaves the business.
- Compare the sender domain
- Check reply-to and display name
- Compare remittance details to prior invoices
- Search for thread anomalies
- Escalate unusual urgency
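The five checks above, run against one message, as an added example that is not part of the original checklist or the BEC Defense Pack. The vendor record, the sample email, the urgency word list, and the "account ending NNNN" invoice wording are constructed assumptions; a real workflow would pull the vendor record from the accounts-payable system.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed vendor master record, kept outside the mailbox (assumption).
VENDOR = {"name": "Acme Supplies", "domain": "acme-supplies.example",
          "account_last4": "4417"}
URGENCY_TERMS = ("urgent", "immediately", "today", "asap", "overdue")  # illustrative

# Constructed sample message: look-alike domain, off-domain Reply-To,
# new account number, "RE:" subject with no thread headers.
SAMPLE = """\
From: "Acme Supplies Billing" <billing@acme-suppliies.example>
Reply-To: acme.billing@freemail.example
Subject: RE: URGENT invoice 1042 - updated bank details

Please pay today to our new account ending 9021.
"""

def domain_of(header_value):
    """Lowercased domain of an address header, or '' if absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def check_invoice_email(raw, vendor):
    """Return the list of checklist findings for one single-part message."""
    msg = message_from_string(raw)
    subject, body = msg.get("Subject", ""), str(msg.get_payload())
    findings = []
    from_dom = domain_of(msg.get("From"))
    if from_dom != vendor["domain"]:                        # sender domain
        findings.append("sender_domain_mismatch")
    reply_dom = domain_of(msg.get("Reply-To"))              # reply-to
    if reply_dom and reply_dom != from_dom:
        findings.append("reply_to_differs_from_sender")
    display = parseaddr(msg.get("From", ""))[0].lower()     # display name
    if vendor["name"].lower() in display and from_dom != vendor["domain"]:
        findings.append("display_name_claims_vendor")
    accounts = re.findall(r"account ending (\d{4})", body)  # remittance details
    if any(a != vendor["account_last4"] for a in accounts):
        findings.append("remittance_details_changed")
    threaded = msg.get("In-Reply-To") or msg.get("References")  # thread anomaly
    if subject.lower().startswith("re:") and not threaded:
        findings.append("reply_subject_without_thread_headers")
    if any(t in (subject + " " + body).lower() for t in URGENCY_TERMS):
        findings.append("urgency_language")
    return findings

if __name__ == "__main__":
    print(check_invoice_email(SAMPLE, VENDOR))
```

Any non-empty result is a reason to verify the requester off-thread before approving, and the returned list can be stored with the payment record as the documented decision.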
Escalate immediately if any of these are true.
- Money has already moved to a new or suspicious account.
- A mailbox has unknown forwarding rules, filters, OAuth grants, or unusual logins.
- The request touches client funds, regulated data, payroll, trust accounts, taxes, or legal deadlines.
- Two internal approvers disagree or cannot verify the requester off-thread.
Get the free payment-change verification checklist.
Send it to the person who approves invoices, ACH, wires, or vendor bank changes.
Want the workflow instead of another article?
Get the Business Email Compromise Defense Pack, request a free teardown, or download the checklist and capture the process for your team.