Skip to content

Licensing

Invoice Manipulation: The Coverage Insureds Never Knew They Needed

← All articles
Filed under Licensing

The newest cyber threat that is challenging corporate America are invoice scams and invoice manipulation. Companies of all sizes are being targeted by cyber "bad actors", commonly known as hackers and cyber thieves. Invoice scams & manipulations are happening at an alarming rate and many of the claims are not being covered because most insurance policies don't have a coverage trigger that applies to this type of claim.

So What is Invoice Manipulation and Why is Important?

Invoice manipulation is the flip side of social engineering scams. In a social engineering scam, the insured's company, or more specifically, an employee of the company, is tricked via a hack or phishing scam to voluntarily part with money, products, services or goods. Invoice manipulation is more devious in nature. It happens when the customers or vendors of an insured are tricked by a Bad Actor using legitimate email and data of the insured to get the customer or vendor to alter a payment or deliver of products, services or goods to the wrong location that is controlled by the Bad Actor.

Generally, the way this happens is a Bad Actor either gains access to one of your employee's emails by a successful phishing scam or by breaching their personal accounts and securing a password they use at work. The scariest part of invoice scams is that they take time. The scammer sits and waits, watching your system, learning your habits, seeing all of that employee's correspondence, and specifically learning how your company and its customer or vendors work together.

Then they wait until the right time to ask your customer or vendor to change a payment via wire to a new bank, or have standing deliveries redirected to a new worksite using the compromised account and then deleting the request and correspondence before your employee sees it.

The terrifying repercussion is that the insured has no idea the events have transpired until they go to either follow up for payment or secure more supplies, at which point they learn their money or order is gone and there is nothing they can do.

Misconceptions About Invoice Manipulation

The unfortunate misconception is that many companies think this type of incident is already covered in their policy. Many people believe since it starts with a phishing or a hack attack that their policies will have coverage under the social engineering clause. Again, since the social engineering clause is only designed to cover an instance when their own employee is being socially engineered or manipulated to give up money, products, services or goods, there is no coverage.

Invoice manipulation is not about your employee giving up money, products, services or goods. It's about someone portraying themselves as your employee and convincing your customers and/or vendors to redirect payment, products, services or goods. This action, while similar in nature, is not the same. The crime is perpetrated on another party outside of your firm. So, it should be their problem right?

It doesn't quite work that way, because the customer or vendor has an email or communication that legitimately came from your company and is related to actual payment, products, services or goods intended to be from you. The truth is, if your server sends the request, your customer or vendor is not responsible for your loss. While this seems unfair, the reality is that the courts and the insurers have defined the distinction between the two coverages.

Insured companies (the victims) often believe they have not done anything wrong so the transaction is void and should not be counted against them. Their logic is often that it is the customer's or vendor's social engineering issue and not their problem. Unfortunately, upon forensic review, the insured often finds they were hacked or phished.

Learning that cyber social engineering does not cover the loss, many try to look to other coverages. The next possible path would be crime coverage. Unfortunately, unendorsed crime policies are only designed to cover crime committed by your employees or theft at the business location so neither of these coverage triggers apply.

Since neither the unendorsed cyber policy nor the crime policy are triggered by this action, the customer or vendor deems the matter closed and the problem truly becomes that of the insured who was actually infiltrated by a bad actor in the first place.

How Does One Get Coverage?

This brings us back to the needs of an insured who has either not been paid or does not have the goods/services they need to conduct their business. How do they get coverage? As we have reviewed, it is not a social engineering coverage issue. Invoice manipulation coverage is currently the clearest insurance clause that can respond to these types of claims.

There are specific terms and conditions surrounding invoice manipulation claims. All cyber policies are non-standard so there is no one magic definition. Since this is a non-standard coverage that must be linked back to key definitions within the cyber policy, each carrier's endorsement will be uniquely different from the other.

As with all non-standard products, the buyer must be aware of what they are purchasing. Not all insurance companies are offering coverage. The insurers who do offer invoice manipulation coverage also have varying terms, conditions and limits which may apply. The safest way to make sure you are getting invoice manipulation coverage is to ask for it and review the terms, conditions and limits. As the coverage evolves, it will become more standard but right now the forms vary from one another.

The final analysis – cybercriminals are getting smarter and cyber insurers are working hard to keep up with the demand to protect consumers.

Found This Useful? Let's Get You Set Up.

Start an application and an expert will tailor the next steps to your situation.

Related reading

Maryland Rent Collection in 2026: 7 Licensing Risks Property Managers Must Avoid

Licensing

Maryland Rent Collection in 2026: 7 Licensing Risks Property Managers Must Avoid

Property managers in Maryland are running into a question that is getting more attention and creating real operational risk. Does collecting rent, especially when a tenant is past due, trigger Maryland's collection agency licensing requirements?

Licensing Challenges for Mortgage Servicers

Licensing

Licensing Challenges for Mortgage Servicers

Mortgage servicers play a central role in the housing finance system. They collect borrower payments, manage escrow accounts, respond to customer inquiries, and step in with loss mitigation or foreclosure processes when borrowers fall behind. Servicers act as the day-to-day managers of loans after origination, ensuring that cash flows properly between borrowers and investors. Since [...]

The Pros and Cons of Outsourcing Debt Collection for Startups and Small Businesses

Licensing

The Pros and Cons of Outsourcing Debt Collection for Startups and Small Businesses

Cash flow is the lifeblood of every startup. When customers delay or default on payments, even the most innovative ideas can stall. Founders often face a critical challenge: Should we collect overdue invoices ourselves, or hand them off to a third-party debt collection agency? Outsourcing debt collection - sometimes called debt recovery outsourcing - has become increasingly common for [...]

Is it time to rethink your agency name given the CFPB's Limited Content Voice Message Rules?

Licensing

Is it time to rethink your agency name given the CFPB's Limited Content Voice Message Rules?

Limited Content Messages and Your Company's Name By John Bedard, Jr. Click here to request help with a name change or dba On October 30, 2020, the CFPB published its years-in-the-making amendment to Reg F ("the Rules") to implement the FDCPA. These rules address many topics, including email and text message communications, time, place and [...]

January 2026

Newsletter

January 2026

NY STATEWIDE DEBT COLLECTION LICENSING BILLS RETURN New bills in New York, Assembly A5537 and Senate S4271, would create a statewide licensing requirement for third-party collection agencies, debt buyers, and other covered entities collecting consumer debt from New York residents. Covered companies would need to apply for and maintain a license, provide ownership and control [...]

January a Record-Breaking Surge in Consumer Complaints and Suits

Compliance

January a Record-Breaking Surge in Consumer Complaints and Suits

In January 2024, there was an unprecedented spike in consumer complaints and lawsuits lodged with the CFPB. Everything from Fair Debt Collection Practices Act (FDCPA) and Telephone Consumer Protection Act (TCPA) lawsuits to Fair Credit Reporting Act (FCRA) suits saw a double-digit surge, both on a month-to-month and year-over-year basis. A Closer Look at the [...]

Browse the full insights library, meet our editorial team, or download our whitepapers.

Insights

Found This Useful? Let's Get You Set Up.

An expert will respond within one business day.