Falsified invoices: the Federal Criminal Police of Antwerp sounds the alarm
The head of the Regional Cyber Crime Unit (RCCU) of the Federal Criminal Police of Antwerp would like to alert you to worrying cases of falsified invoices sent by e-mail. This phenomenon is increasingly automated and frequent.
Invoice fraud is on the rise and affects both individuals and businesses. Although fraudsters can still steal invoices from mailboxes or BPost's sorting system, they are increasingly operating via email.
"As part of an investigation opened by our department and a report from the region, we would like to sound the alarm about the increasing sophistication of this system. We have found that a large part of these frauds are automated, which makes them extremely fast and often discovered too late," says Commissioner Christophe Van Bortel, Head of the Regional Computer Crime Unit of the Antwerp Criminal Police.
What is their modus operandi?
Criminals usually use compromised passwords from large internet service providers — such as Telenet and Proximus — to gain unauthorized access to their victims' mailboxes. This information is mostly from previous data leaks and is exchanged or marketed via the dark web within criminal networks.
"As soon as they access the mailbox, they intercept and monitor all incoming mail via an automated process. They then manipulate the invoices into attachments, replacing the structured communication and account number. The modified invoice, visually identical to the original, is then discreetly placed back in the mailbox or sent directly to the victim. Thanks to artificial intelligence, this process is taking place at lightning speed. The use of AI has profoundly transformed the modus operandi of invoice fraud," explains Christophe Van Bortel. "Criminals use advanced techniques such as automatic document recognition, intelligent data extraction and natural language processing. The result is a fraud mechanism that can be executed on a large scale, with minimal human intervention and a high degree of credibility, making it particularly difficult to detect in time. »
Find our advice in our full article on our website
What advice?
To reduce the risks, the Federal Judicial Police advises you to check if your passwords have been compromised, via the haveibeenpwned.com or breachdirectory.org websites, and to change them if you have been the victim of a data leak. Always enable two-factor authentication (2FA) when possible.
Be especially vigilant if a supplier tells you that they have changed their account number, if the invoice comes from a suspicious email address, or if you notice an unusual layout or a strange format (incorrect customer number, wrong logo, etc.).
Also pay attention to the verification of the IBAN name when making transfers. Since October 2025, banks in the euro area have been required to verify, via an IBAN name check – a verification of the beneficiary – whether the name entered matches the account number. If there is a discrepancy, you will receive an alert. If the recipient's name doesn't match the name on the invoice, it's likely fraud.
If you fall victim to this type of scam, contact your bank's fraud prevention department immediately to block the transactions. Then file a complaint with the Local Police.
Discover the #SCAM campaign
#SCAM is an awareness campaign on the dangers of the Internet, led by the Federal Police via the social networks Facebook, Instagram and Youtube but also internally, in the media and via our partners. It started on February 10, 2026 and will end on June 30, 2026.
Every Tuesday, or even on other special occasions, a prevention article is posted on the Federal Police website.
More information...
The FPS Finance also offers specific advice on this topic: You have sent an invoice to the customer, but payment is slow to arrive | FPS Economy (available in French, Dutch or German)