In recent months, we have noticed the use of cybercrime techniques. Nowadays, almost all cases of invoice fraud begin with the hacking of an e-mail account of a business using phishing e-mails to steal usernames and passwords.
If the company is not protected by an additional layer of security (two-factor authentication), the fraudster can send an e-mail from this account, asking the customer to pay into a different bank account.
"}},{"componentType":"paragraph","richBody":{"value":"In 2019, Bol.com was scammed out of €750,000 as a result of e-mail spoofing. The case even made national headlines.
Online retailer Bol.com, which sells Brabantia’s household goods, received an e-mail, supposedly from Brabantia. In this message, the company stated that it wanted all future payments to be made to an account with a Spanish bank. Bol.com asked its IT department to verify the sender’s identity with an e-mail authentication check. After the origin of the message was confirmed, all subsequent payments were made into the Spanish account.
Until Brabantia contacted the retailer to see why its invoices were not being paid, claiming 750,000 euros in arrears!
"},"title":"The Bol.com / Brabantia case"},{"componentType":"paragraph","richBody":{"value":"Bol.com decided to go to court to get out of paying Brabantia, claiming that the household goods manufacturer was responsible because its system had been hacked. The Dutch court rejected this claim, ruling that Bol.com was in default because a payment into the wrong account does not release a debtor from its payment obligation.
The judge also pointed out that the e-mail contained several classic signs of fraud that Bol.com should have noticed: the sudden switch to a mix of English and Dutch, the poor spelling in the e-mail, a Spanish bank account, etc. The error could have been avoided by a simple call to Brabantia.
"},"title":"Claim initially rejected by the court"},{"componentType":"paragraph","richBody":{"value":"On the other hand, the court acknowledged that Bol.com’s argument, which highlighted Brabantia’s inadequate cybersecurity, could be relevant in liability action.
This could lead to major changes in case law in the Netherlands and other countries such as Belgium.
These days, the majority of fraud begins with hacking. However, if the debtor can prove that the creditor neglected to take adequate cybersecurity measures, this may trigger a ruling of shared responsibility.
"},"title":"An important legal step towards greater security"},{"componentType":"sectionTitle","title":"Peppol will make it harder for fraudsters"},{"componentType":"paragraph","richBody":{"value":"From 1 January 2026, electronic invoicing through the Peppol network (using ING Invoice Manager, for example) will become mandatory for all B2B transactions. From that date onwards, invoices may no longer be sent by e-mail, in PDF or Word format. This reduces the risk of fraud because companies will no longer be able to process invoices outside the Peppol network.
As long as financial information can be sent by e-mail (such as account changes), however, there is still a risk. To be effective, the use of the Peppol network should be extended to all billing-related exchanges.
It is safe to say that fraudsters will probably adapt their methods. We can expect to see more hacking of billing systems. The security of a company’s finance department will therefore depend on the security of its IT network: two-factor identification and a unique password are essential for guarding accounts and systems against unauthorised access.
"}},{"componentType":"sectionTitle","title":"Verification of the beneficiary, a European solution"},{"componentType":"paragraph","richBody":{"value":"Since 13 March 2024, Regulation (EU) 2024/886 requires all payment service providers to check the beneficiary’s name before making a transfer. The company (or individual) can check in real time whether the beneficiary’s name matches the IBAN before validating the payment.
There are different possibilities in that case:
1. The name and account number match 100%
2. There is a small error in the name
3. There is a mismatch between the beneficiary’s name and account number
Following the notification of an error, the payer can decide whether to proceed with the transaction or stop it. Transfers to accounts outside Europe do not offer this protection. You should therefore contact the beneficiary directly if the account number changes.
We have compiled all relevant information about cybersecurity for your business here.
"}},{"componentType":"sectionTitle","title":"Employee training: an important safety measure"},{"componentType":"paragraph","richBody":{"value":"Accountants are on the front line when it comes to financial fraud. They are the ones who receive the phishing e-mails, the call from the fake CEO, and the fake invoices. Unfortunately, most training programmes continue to overlook financial fraud.
ING has decided to take a different approach. Our team of anti-fraud experts offers free online training for anyone with access to the company’s accounts. ITAA members receive a credit certificate after completing the ING training programme.
Participants learn how to protect their company against fraud (invoices, false CEOs, phishing, etc.) with real-world case studies and actual recordings of scams.
Train your staff for free as part of the fight against financial fraud:
"}}]},"hasMacro":false,"id":"3e1db000-5e5e-47eb-a1a7-773fc1aee0fc","localeString":"en-GB","mainHeaderZone":{"backLink":{"textLink":{"text":"I protect my business","url":"/en/business/news/secure-business"}},"componentType":"editorialHeader","coreHeader":{"body":"If invoice fraud is that easy to detect, it should be relatively easy to prevent. And yet the number of cases of invoice fraud among our customer base has increased in 2025, after falling sharply in 2024. These days, fraud operations are increasingly well coordinated. In response, the banking sector is preparing new security measures. Moreover, ING continues to offer free training for accountants.","headerImage":{"extension":"jpg","original":"https://assets.ing.com/m/7a52980ddc1884f1/original/Visual-voor-artikel-valse-facturen.jpg","transformBaseUrl":"https://assets.ing.com/transform/c3aaef88-782f-495a-ae58-e303694faec3/Visual-voor-artikel-valse-facturen","type":"image","width":5568},"title":"Invoice fraud: easy to detect"},"date":"2025-09-26","readingTime":5},"publishDate":"2025-09-26T23:03:40.524+02:00"}}