At a glance
- AI makes creating convincing fake invoices easy, increasing fraud risk for firms.
- Verify payment changes out-of-band and enforce dual approval for high-value payments.
- Train staff on process discipline, not just spotting visual flaws in fakes.
- Use AI-driven automation to audit all invoices and flag anomalies for review.
If a forged £20,000 invoice slipped through the cracks this week and was paid in full, how confident are you that you’d spot it quickly – or be able to explain it to an anxious client?
Invoice fraud has long been part of the risk landscape for finance professionals. But in the 18 months to late 2025, new technology has suddenly elevated this risk for every firm.
In simple terms, much like the rest of us, potential fraudsters have discovered AI. And they have discovered in particular how much extra ability it gives them to generate convincing fakes. SAP Concur, which conducts around 100 million monthly compliance checks, reports approximately 18 times more invoices are being detected as AI-generated than previously. But others are going undetected.
For accounting firms and their clients, this is the uncomfortable shift wrought by AI-generated fraud. Free and low-cost AI image-generation and deepfake software have pushed a new deception capability firmly into the mainstream. False invoices and expense receipts can now be generated in seconds with none of the visual flaws that once made forgeries easier to spot. What was once a slow, manual deception is now fast, scalable and convincing – all thanks to the technology of generative AI.
As Nick Knupffer, CEO of VerifyLabs.AI, observes, AI is “giving fraudsters a serious upgrade…we’re now seeing fake invoices that look every bit as polished as the real thing, right down to the branding, layout and even a believable history of past transactions”.
Plausibility at scale
This new generation of fraudulent invoices is also often now embedded in seemingly normal commercial activity, also the product of AI. Attackers use AI tools to imitate the cadence of genuine suppliers, echo previous correspondence, and wrap invoices in plausible email threads or payment reminders.
Javvad Malik, Lead CISO at KnowBe4, notes the technology “makes invoices faster and more accurate to produce”, amplifying long-standing compliance gaps rather than creating new ones. He adds, “the core weakness is still human and procedural … useful red flags now are less about spelling mistakes and more about context”.
Protecting firms and finance teams
The risk of loss and blame has moved onto firms’ finance function and the strength of finance’s security practices. And regulatory responses have not yet caught up – which leaves finance teams to put in place their own solutions.
“In a world where seeing is no longer believing, finance teams are strongly advised to equip themselves with the means to discern real from fake,” says VerifyLabs.AI’s Knupffer.
Experts IFA spoke to consider the following measures essential to reducing exposure to AI-generated fraud.
1. Always verify out of band
As AI removes the visual cues that once exposed forgeries, basic payment controls must be adhered to.
With attackers increasingly focusing on forcing changes to established processes, Malik advises organisations to implement “strict out-of-band verification for any change in bank details or unusual payments, with dual approval for higher-value or first-time payments”.
Confirmation of a change to invoice information should be obtained through a trusted channel, not via an email thread accompanying the invoice.
2. Train for discipline, not detection
Malik also advocates for teamwide education “to be mindful of these scams and to follow the established process at all times”. This process can include several steps. Internal pre-spend audits can flag issues early, while teams should also verify the invoice reference number, PO number, and internal contact before payment.
Updating existing training or courses to include AI-generated invoice fraud and running scenario-based exercises to practice decision-making moments when complacency may set in are also advised. These often include situations in which a request appears routine, when authority is invoked or when the timing seems inconvenient.
Above all, Knupffer recommends “stronger controls, better training and healthy doses of both understanding the problem and scepticism around what appears to be business as usual”.
3. Embrace automation
Garry Goodenough, head of UKI region at SAP Concur, suggests that “it is time to use AI to fight AI”.
“[AI is] giving fraudsters a serious upgrade … we’re now seeing fake invoices that look every bit as polished as the real thing.”
Nick Knupffer, CEO, VerifyLabs.AI
AI-driven detection tools are most useful when volume and resources are limited. “A team of internal auditors can at best manually review a small proportion of claims,” Goodenough says. On the other hand, “the appropriate automated audit solution can review 100% of reports, flag anomalies, and enable human auditors to examine those more closely.”
Ensure any new software will slot into your existing approval routines: the value lies in what these tools surface for human review, not in running a parallel system. Providers should explain their methods. How do they identify manipulation? How is data monitored over time? And how are alerts prioritised so that genuine anomalies reach your team quickly?
A proactive approach
AI may not change the nature of invoice fraud, but it certainly has removed the friction that once limited it. For firms and their clients, the advantage now lies not in spotting the perfect fake but in maintaining processes resilient enough to withstand one. Goodenough notes that “as AI evolves and becomes the tool of choice for potential fraudsters, organisations have an opportunity to modernise their defences and get ahead of the curve.”
Enhance your skills in emerging areas of cybersecurity and technologies with IFA’s self-paced short courses.
