Alert : Fake PDF invoices with QR codes – the “quick payment” scam targeting businesses

For some time now, a scam has been specifically targeting businesses: seemingly legitimate invoices are sent by email with an embedded payment QR code.
Stay alert: here is how to spot it and avoid the traps.

Fake PDF invoices with a payment QR code

The victim receives a convincing invoice (energy, telecoms, hosting, SaaS…) containing a QR code leading to a fraudulent payment.

The modus operandi

Scammers send a professionally designed PDF, sometimes using real references (logo, contact details, invoice number) and a QR code presented as a “quick payment” option.
Their goal is to get you to scan the QR code so that you land on a fake payment page, where the funds are sent to a beneficiary controlled by the fraudsters.
Warning signs: unexpected invoice, urgent payment request, unusual bank details or beneficiary, QR code as the only payment method, sender email address that looks similar but is different, inconsistencies (company registration number, VAT number, address).

A few tips:

• ✅ Verify the issuer via an independent channel (official website, usual phone number, customer portal).
• 🔍 Check the beneficiary and the IBAN before any payment, even if the PDF looks “professional”.
• 📷 Avoid paying via QR code if you cannot verify the URL or the payment details displayed.
• 🧾 Put an internal validation process in place (dual approval) for unusual invoices.
• 🛡️ Keep the PDF, the email, and the email headers: these are useful pieces of evidence.

Conclusion

This scam is effective because it exploits fast payment habits and the “official-looking” appearance of a PDF.
If in doubt, do not pay—verify the request and report the attempt.
Read our guide Key principles to follow to avoid most online scams! to strengthen your reflexes.
Useful links: Report Fraud (UK) | Internet Crime Complaint Center – IC3 (US) | National Cyber Security Centre – NCSC (UK) | Cybersecurity and Infrastructure Security Agency – CISA (US)

Written by : René Ronse
Methodology : Our alert articles are based on regular monitoring of national reporting platforms, feedback from victims, and statements issued by relevant authorities.
About the author : René Ronse, manager of ArnaqueOuFiable.com. Expert in consumer cybersecurity, specialist in detecting online fraud, product transparency, and digital compliance. He has over 20 years of experience analyzing hidden subscription mechanisms, unreadable terms and conditions, aggressive sales tactics, and deceptive commercial practices on the web.
Sources : eccbelgium.be | economie.fgov.be | wikipedia.org | vbo-feb.be
Last updated : 10 March 2026.
This article is also available in : Français - Deutsch - Español - Italiano - Nederlands - Português