Every business owner wants to believe that once they send an invoice, payment is just a matter of time.
But that is not always how it works.
Sometimes the client is slow to pay. Sometimes the invoice gets buried. And sometimes, the real nightmare happens: your client gets tricked into sending payment to a cybercriminal instead of to you.
Then what?
Too often, the business owner who did the work ends up in a fight they never asked for. The client says they already paid. The bookkeeper points fingers. The vendor is left unpaid. Everyone is frustrated, and somehow the person who actually delivered the service is expected to absorb the loss.
Let’s be clear. If your client paid the wrong person, that does not automatically mean you should be the one taking the hit.
This kind of fraud is common. It is preventable. And business owners need to protect themselves on both sides: first, by making it easier for legitimate invoices to get paid correctly, and second, by knowing what to do if a client tries to avoid payment after falling for a scam.
The fraud is real, and it happens all the time
A scammer impersonates a vendor. They copy a logo. They send a fake invoice. They change the payment instructions. Maybe the email domain is off by one letter. Maybe the wiring instructions show up in a Word document that looks a little clunky. Maybe the tone feels off.
But the payment goes out anyway.
Why? Because too many businesses still do not have a real verification process.
That is the problem.
Not whether the fake invoice looked perfect. Not whether the criminal was clever. Not whether the vendor’s logo got copied.
The real question is this: what internal controls did the paying company have in place before releasing funds?
If the answer is “none,” that is where the breakdown happened.
If you want your invoices paid, make paying you simple and secure
Business owners often focus on getting the invoice out. That matters. But if you want to actually get paid, you also need to make it easy for your clients to verify that the invoice is legitimate.
Think about it like this: if someone can impersonate you with a copied logo and a fake email, then your process needs to do more than rely on appearances.
Here are the practical steps that help.
1. Standardize how your invoices are sent
If your invoice delivery changes every month, you are creating confusion.
Send invoices the same way every time. Use the same email address, the same invoicing platform, the same branding, and the same payment instructions. Consistency helps clients spot red flags faster.
For example, if you always send invoices through QuickBooks, and suddenly a Word document shows up asking for a wire, that should feel wrong immediately.
That is what you want. You want your real process to be so consistent that the fake one stands out.
2. Put payment verification language on every invoice
Do not assume clients know how to protect themselves. Tell them.
Include a note on every invoice such as:
Important: We do not change payment instructions by email alone. If you ever receive updated wire or ACH instructions, verify them by calling us at our previously known phone number before sending payment.
That one paragraph can save a lot of money and a lot of drama.
It also helps protect you later if there is a dispute. Why? Because now you can show that you warned them in writing.
3. Use secure invoicing systems when possible
A polished invoice in a secure billing system is harder to dispute than a random attachment sent by email.
Client portals, accounting software invoices, and payment links create a cleaner trail. They also reduce the odds that someone will trust a fake document floating in their inbox.
Can fraud still happen? Yes.
But why make it easy for criminals when you can make it harder?
4. Confirm onboarding details early
When you take on a new client, do not wait until there is a payment problem to talk about payment procedures.
Set expectations upfront:
- Where invoices will come from
- What payment methods you accept
- Whether you ever accept wires
- Whether payment instructions ever change
- How any changes must be verified
This does two things. It reduces confusion, and it makes it harder for a scammer to wedge themselves into the process later.
5. Document your official payment instructions
Your payment process should not live only in someone’s memory.
It should be documented in your engagement letter, onboarding packet, or client portal. That way, if anyone says, “We thought the instructions changed,” you have something concrete to point back to.
When businesses fail to document this stuff, they create room for excuses.
6. Never send changed wire instructions casually
If you ever do need to change banking information, treat it like a high-risk event.
Do not send a quick email and hope for the best.
Use multiple channels. Notify the client in writing. Ask them to call a known number. Consider a signed confirmation. Make the change easy to verify and hard to fake.
Because once money is wired out, getting it back is a whole different battle.
What if the client paid the wrong person and now refuses to pay you?
This is where business owners panic.
You did the work. You sent the invoice. The client says they paid. But they did not pay you. They paid a fraudster.
So what now?
First, do not automatically accept their version of events as your financial problem.
Their loss and your receivable are not necessarily the same issue.
They may have a fraud claim, an insurance claim, a bank recovery issue, or an internal control failure. That is their side of the mess.
Your side is simpler: were you paid by the actual client into your actual account?
If not, then your invoice may still be unpaid.
Steps to protect yourself if this happens
1. Gather your documentation immediately
Pull together:
- The original signed contract or engagement letter
- The invoice
- The email trail showing when and how it was sent
- Your standard payment policies
- Any written warnings about verifying payment changes
- Proof that you did not authorize different payment instructions
You need a clean file. Not a messy story. A clean file.
Because if this turns into a dispute, documentation wins.
2. Separate sympathy from responsibility
You can be empathetic without taking the blame.
Something like this is appropriate:
“I am sorry this happened. Unfortunately, we did not receive payment, and we did not authorize any change to our payment instructions. The balance on our invoice remains due.”
That is professional. Clear. Calm. No drama.
Do not let the conversation drift into emotional language that sounds like you are accepting responsibility when you are not.
3. Send a formal written demand for payment
If the client starts stalling, stop relying on casual conversations.
Send a formal demand letter or a firm written notice stating:
- The invoice remains unpaid
- Payment was not received by your business
- No authorized payment change was made
- The balance is due by a specific date
Sometimes people keep things vague because vagueness buys time. A formal letter changes the tone.
4. Review your contract language
This is a big one.
Does your agreement say when payment is due? Does it say what counts as payment? Does it include late fees, attorney fees, jurisdiction, or dispute terms?
If not, this is your sign to tighten your contracts now.
A strong contract does not prevent every fight, but it gives you a much better starting position when one shows up.
5. Talk to your insurance agent
Even if the loss is not your fault, you should understand what your own coverage does and does not cover.
Errors and omissions insurance, cyber coverage, and crime-related coverage can all matter depending on the situation.
And here is an uncomfortable but important question: if a bookkeeper or internal employee at the client’s company made the payment, do they have coverage too?
Because if someone wants to shift blame, you need to know whether there is an insurance policy in the background that may respond.
6. Decide whether to preserve the relationship or press the issue
This is a business decision, not just a legal one.
Do you want to keep the client? Is the amount significant? Are they acting in good faith? Are they taking responsibility and working toward a solution, or are they trying to make you eat their mistake?
Not every unpaid invoice should become a lawsuit. But not every business owner should quietly write off a valid receivable either.
You worked for that money. You are allowed to treat it like it matters.
Internal controls your clients should have had in place
This is where the lesson gets bigger than one invoice.
Businesses should never change vendor payment details without verification using a previously known phone number or trusted contact method. Not the phone number listed on the new form. Not the email that just arrived. A known number.
That should be standard operating procedure.
Other smart controls include:
- Requiring verbal confirmation before changing ACH or wire details
- Segregating who approves vendor changes from who releases payments
- Training staff on business email compromise scams
- Reviewing domain names carefully
- Flagging any change from normal invoice format or payment method
- Using approval workflows for large payments
This is not overkill. This is basic fraud prevention.
If a business can approve a five-figure payment based on a fake Word document with a copied logo, the problem is not that the scammer was brilliant. The problem is that the process was weak.
The bottom line
Business owners need to protect both revenue and process.
Yes, send invoices promptly. Yes, follow up quickly. Yes, make payment easy.
But also make verification easy. Make fraud harder. Make your process clear enough that when someone tries to impersonate you, your client has a system that catches it before money leaves the building.
And if a client pays the wrong person?
Do not rush to accept a loss that is not yours.
Be professional. Be documented. Be firm.
Because getting paid is not just about doing good work. It is also about protecting the path the money takes to get to you.
Next step: review your invoice template, your engagement letter, and your payment-change procedures this week. If they do not clearly spell out how clients should verify payment instructions, fix that now before a scammer writes the next chapter for you.
