The FTC is warning small businesses about a fake invoice scam. Some of these invoices look like routine bills for tech support, domain registration, or SEO services. Others arrive by email and are really phishing attempts meant to get someone on your team to click, reply, or hand over account access.
That makes this warning especially relevant for small businesses that move fast, pay vendors quickly, or have multiple people touching email, bookkeeping, websites, domains, or marketing. If the bill looks normal enough, scammers are hoping nobody stops to question it.
What the FTC warned about
In a May 14, 2026 consumer alert, the FTC said scammers are sending businesses invoices for products or services they never ordered. The examples it called out are unusually relevant for CodeForce clients: tech support, domain registration, and search engine optimization services.
The FTC also says some of these fake invoices are really phishing emails designed to get access to your business data, accounts, and networks. In other words, the invoice may be trying to steal money, credentials, or both.
Why tech-related invoices are an easy trap
Technology bills can already be confusing. A small business might have separate costs for website hosting, a domain name, email, plugins, ads, SEO help, software subscriptions, or outside support. That makes it easier for a fake invoice to blend in.
If your business does not have a clean vendor list or a simple approval process, a fake renewal or support invoice can look close enough to the real thing to cause damage. That is one reason business tech cleanup and systems cleanup matter more than people think.
Fake invoice scam checklist for small businesses
1. Slow down any unexpected invoice
If an invoice feels unfamiliar, urgent, or oddly specific, do not pay it just because it says “past due.” Pause long enough to confirm whether your business actually ordered the service.
2. Verify the vendor through a known contact path
Do not trust the phone number, email address, or payment instructions printed on the invoice. Look up the vendor through your existing records, your real account portal, or the company website you already know.
3. Double-check domain and hosting renewals in the real account
Domain and hosting scams work because many owners do not remember which registrar or host they actually use. Log into the real account first. If you are not sure where your website or domain lives, that confusion should be fixed before a scammer exploits it.
4. Treat SEO and tech support invoices with healthy suspicion
If your company did not sign an agreement for SEO, ads, technical support, or website work, do not assume the invoice is legitimate. Search the company name with words like “review,” “scam,” or “complaint,” just as the FTC recommends.
5. Do not click login or payment links inside the invoice email
Some fake invoices are not really asking for payment first. They are trying to pull you into a phishing page where you type an email password, card number, or business login. Open your real vendor accounts directly instead of following invoice links.
6. Strengthen email and account protection
The FTC’s small-business guidance on business email imposters recommends using email authentication, keeping software patched, and training staff to spot phishing. Those steps matter because once a scammer gets inside one account, fake invoices and impersonation attempts get harder to spot.
7. Make one person responsible for final approval
Even a simple rule helps: unexpected technology, marketing, domain, website, or invoice requests should go through one final checker before payment. That process can save far more money than it costs in time.
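Steps 2, 5, and 6 can be partly automated before the final checker looks at an invoice email. The Python below is an added example, not code from the FTC or CodeForce; the vendor list, the domains, and the sample message are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: your own vendor list (vendor name -> domains it really bills from).
KNOWN_VENDORS = {"Example Registrar": {"registrar.example"}}

# Constructed sample message, not a real email.
SAMPLE = """\
From: "Example Registrar Billing" <billing@registrar-renewals.example>
Reply-To: payments@mailbox.example
Subject: PAST DUE: domain renewal invoice
Authentication-Results: mx.yourcompany.example; spf=fail; dkim=none; dmarc=fail

Your domain expires today. Pay now: https://pay.registrar-renewals.example/login
"""

def domain_of(header):
    return parseaddr(header or "")[1].rpartition("@")[2].lower()

def is_known(host, known):
    # Exact match or a subdomain of a listed domain; look-alike names do not match.
    return any(host == d or host.endswith("." + d) for d in known)

def triage_invoice(raw, vendors=KNOWN_VENDORS):
    """Return the reasons to hold this invoice email for manual verification."""
    msg = message_from_string(raw)
    known = set().union(*vendors.values())
    flags = []
    sender = domain_of(msg["From"])
    if not is_known(sender, known):
        flags.append(f"sender domain {sender} is not on the vendor list")
    reply_to = domain_of(msg["Reply-To"])
    if reply_to and reply_to != sender:
        flags.append(f"Reply-To domain {reply_to} differs from sender")
    # Only trust Authentication-Results headers added by your own mail server.
    auth = " ".join(msg.get_all("Authentication-Results") or []).lower()
    for check in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{check}=(\w+)", auth)
        if not m or m.group(1) != "pass":
            flags.append(f"{check} result is {m.group(1) if m else 'missing'}")
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        body = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
        for url in re.findall(r"https?://[^\s\"'<>]+", body):
            host = (urlparse(url).hostname or "").lower()
            if not is_known(host, known):
                flags.append(f"link points to unlisted host {host}")
    return flags
```

An empty result means only that none of these checks fired; the invoice still goes through the known-contact verification and final approval described above.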
What to do if you already clicked, replied, or paid
If someone on your team already interacted with the invoice, move quickly. Change any exposed passwords, review business email accounts, check for forwarding rules or suspicious logins, and contact your bank or card provider if payment was sent. If the issue touches your website, hosting, email, or domain, a website recovery rescue or direct support review may be the right next step.
The FTC says to forward phishing emails to reportphishing@apwg.org and report scams to ReportFraud.ftc.gov. Its business email imposter guidance also points businesses to IC3.gov and recommends notifying customers quickly if your business identity has been spoofed.
What small businesses should review this week
- List your real domain, hosting, email, website, ads, and SEO vendors.
- Confirm where each bill normally comes from and who approves it.
- Check whether staff know how to spot fake renewals and phishing invoices.
- Review your business email security, passwords, and update habits.
- Fix any account confusion before the next fake invoice lands.
If your business has scattered accounts, unclear renewals, or too many people making guesses about what is real, CodeForce can help sort it out through business tech services, systems cleanup, and practical website and account support. You can also book a conversation here.
FAQ
What makes a fake invoice especially believable?
It often matches a category your business really does pay for, such as domains, tech support, software, or marketing. The invoice may also use a familiar-looking logo, urgent language, or a “renewal” frame.
Should a small business centralize domain and website renewals?
Yes. If nobody knows where the real domain or hosting account lives, scammers have an easier opening. One owner or trusted manager should know the real registrar, host, renewal dates, and billing path.
Can this become a bigger security problem than one bad invoice?
Yes. Some fake invoices are phishing attempts aimed at passwords, payment cards, or account access. Once a scammer gets into email or website systems, the damage can spread beyond one invoice.
Sources
- FTC Consumer Alert: Run a small business? Pay your bills, not scammers
- FTC: Cybersecurity for Small Business – Business Email Imposters
- FTC Small Business resources