On 14 May 2026, the Federal Judicial Police (FJP) of Antwerp publicly sounded the alarm, highlighting the growing sophistication of invoice fraud. Figures from the official Belgian authorities confirm the scale of the phenomenon: damage of approximately €32 million is reported for 2025, certainly underestimated given that the FPS Economy estimates that fewer than 1% of victims of online fraud report the facts.
Invoice fraud has evolved considerably. It is no longer a matter of physical mail intercepted in letterboxes or in bpost's postal sorting centres (although these practices persist). Nowadays, fraudsters operate almost exclusively electronically, with formidable efficiency.
It all starts with fraudulent access to a mailbox. Criminals exploit compromised login credentials from previous data breaches. This data (often from major telecom operators such as Telenet or Proximus) is exchanged or resold on the dark web.
Once the mailbox has been infiltrated, the process unfolds in a fully automated manner, thanks to artificial intelligence: "As soon as they access the mailbox, they intercept and monitor all incoming mail via an automated process. They then manipulate the invoices in attachments by replacing the structured communication and account number. The modified invoice, visually identical to the original, is then discreetly placed back in the mailbox or transmitted directly to the victim. Thanks to artificial intelligence, this process takes place at lightning speed." (FJP Antwerp)
The result: an invoice that appears entirely authentic — same logo, same layout, same supplier — but in which the only change is that the IBAN account number has been replaced by that of a "financial mule" controlled by the fraudsters. The fraud is often discovered too late, when the legitimate supplier demands payment.
The main forms of invoice fraud are as follows:
Companies are also increasingly confronted with genuine hacking of their IT environment and their Itsme, giving fraudsters access to the payment programmes (such as ISABEL) that companies normally use. The risk is then that they carry out a large number of payments via these programmes, often during the weekend when there is less real-time monitoring of accounts.
Itsme has moreover published the following message on its website. Caution is advised.
VAT — A company that has paid a falsified invoice cannot in principle deduct the corresponding VAT if the payment was not made to the legitimate beneficiary. The FPS Finance may reject the right to deduction if the validity conditions provided for by the VAT Code are not met, as these concern the identification of the legitimate supplier. It is up to the company to prove its good faith.
Furthermore, a company involuntarily involved in a VAT carousel fraud scheme may be held jointly and severally liable for the fraudulently deducted tax. The case law of the Court of Justice of the European Union indeed requires taxable persons to verify the reliability of their suppliers.
CIT — In the event of theft of money via bank fraud, the stolen amounts could be deductible as professional losses, provided that the theft is well documented with a solid file of supporting documents (theft report to the Police, no gross negligence in the management of IT security, etc.).
The arrival of Peppol from 1 January 2026, making structured electronic invoicing mandatory for all B2B transactions between VAT-registered taxpayers established in Belgium, means that PDF invoices transmitted by email are no longer considered valid for B2B exchanges from that date.
The generalisation of Peppol should structurally reduce invoice fraud between companies, as documents will no longer be able to circulate freely in the form of editable PDFs. However, another risk arises: that of automatic approval of invoices from third parties who are not your suppliers. Any third party can send an invoice to a company via Peppol, and it is up to the manager of the invoice reception programme to verify them before approving/paying them.
Furthermore, the Federation of Belgian Enterprises (FEB) warns that fraudsters are already adapting: they are now seeking to hack directly into the invoicing systems and Peppol access points of companies.
Faced with the growing sophistication of fraud, the Belgian authorities and the FEB recommend a series of concrete measures. The following best practices are recommended:
Secure your messaging systems
Secure your payment procedures
Migrate to structured electronic invoicing (Peppol)
Invoice fraud is no longer an abstract threat. It strikes Belgian companies of all sizes, with sometimes devastating financial and tax consequences. Artificial intelligence has profoundly changed the game: scams are now virtually undetectable to the naked eye, fully automated and disconcertingly fast. The transition to mandatory electronic invoicing via Peppol represents a major structural advance. But it does not exempt from constant vigilance over IT security and internal procedures. Fraudsters adapt — your defences must evolve too.
You are not alone in facing these risks. B.F.S. supports you on a daily basis, whether to advise you on securing your invoicing processes, bringing you into compliance with the new legal obligations, or simply answering a question that concerns you. Our door is open.