National Crime Agency and NatWest Issue Joint Warning Over Invoice Fraud Threat

Invoice fraud, often executed through business email compromise, has surged as cyber‑criminals exploit the trust inherent in accounts‑payable processes. Recent figures from Action Fraud reveal that just last month 83 organisations suffered an average loss of £47,000 each, underscoring the financial strain on both SMEs and large corporates. The sophistication of social‑engineering tactics—spoofed supplier emails, altered bank details, and urgent payment requests—means that traditional security controls are frequently bypassed, leaving firms vulnerable to rapid, irreversible fund transfers.

The NatWest‑NCA joint campaign tackles this vulnerability by promoting a simple yet powerful three‑step protocol: Check for any changes in invoice or banking information, Verify the authenticity of the request through an independent channel, and Never remit funds until the verification is complete. The guidance is distributed through webinars, downloadable checklists, and direct outreach to finance departments, emphasizing real‑world scenarios that illustrate how fraudsters manipulate communication channels. By embedding this “Check, Verify, Never” mindset, the initiative equips staff with actionable defenses that complement existing anti‑phishing technologies.

Beyond immediate risk mitigation, the campaign signals a broader shift toward collaborative defense against economic crime. Regulators and financial institutions are increasingly recognizing that public‑private partnerships can accelerate threat intelligence sharing and improve response times. For businesses, adopting the recommended practices not only safeguards cash flow but also strengthens overall governance and compliance frameworks. As fraudsters evolve their tactics, continuous employee education and robust verification processes will remain essential pillars of a resilient financial ecosystem.