European email providers are rolling out tougher default defenses against invoice fraud, after a rise in business email compromise schemes that target finance teams with fake payment requests. The new measures focus on a common weak point: attackers who register lookalike domains, spoof vendor identities, and slip urgent “payment due” messages past basic filters.
What is changing
The updates combine stricter sender authentication checks with clearer warnings for users when a message appears suspicious. Rather than relying only on spam scoring, providers are increasing enforcement of standards that verify whether a domain is allowed to send mail and whether the message was altered in transit.
- Stronger DMARC enforcement to reduce domain spoofing and impersonation.
- Improved detection of lookalike domains used to mimic suppliers and partners.
- Invoice fraud warnings when emails request bank detail changes or urgent transfers.
- Attachment and link hardening focused on common invoice formats and redirect patterns.
- Quarantine defaults that isolate borderline messages instead of delivering them to inboxes.
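The sketch below is an added example, not any provider's actual filter. It combines two of the signals listed above, a sender domain that imitates a known supplier and a message that pairs urgency with a bank detail change, into a deliver, warn or quarantine decision. The supplier list, keyword patterns, edit-distance threshold and sample message are all assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed allow-list of real supplier domains (assumption for this example).
KNOWN_SUPPLIERS = {"nordfracht.example", "acme-supplies.example"}
# Common character swaps used in lookalike registrations.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("5", "s")]
BANK_CHANGE = re.compile(r"\b(new|updated|changed?)\s+(bank|account|iban)\b", re.I)
URGENCY = re.compile(r"\b(urgent|immediately|today|overdue|payment due)\b", re.I)
# Constructed sample: "nordfracht" spelled with a zero, urgent bank detail change.
SAMPLE = ("From: Billing <billing@n0rdfracht.example>\nSubject: Payment due today\n\n"
          "Please use our new bank details for invoice 1042.\n")

def fold(domain):
    d = domain.lower().strip(".")
    for src, dst in CONFUSABLES:
        d = d.replace(src, dst)
    return d

def edit_distance(a, b):
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(domain):
    """Return the supplier domain this sender imitates, or None."""
    if domain.lower() in KNOWN_SUPPLIERS:
        return None  # exact match is the real supplier, not a lookalike
    for known in KNOWN_SUPPLIERS:
        if edit_distance(fold(domain), fold(known)) <= 2:
            return known
    return None

def triage(raw_message):
    msg = message_from_string(raw_message)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    text = f"{msg.get('Subject', '')}\n{msg.get_payload()}"
    imitated = lookalike_of(domain)
    risky = bool(BANK_CHANGE.search(text)) and bool(URGENCY.search(text))
    if imitated and risky:
        return "quarantine", imitated  # both signals: isolate the message
    if imitated or risky:
        return "warn", imitated        # one signal: deliver with a warning
    return "deliver", None
```

A message from the genuine supplier domain that asks for an urgent bank detail change still gets a warning here, which matches the advice to treat such requests as high risk even when the email looks legitimate.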
Why invoice fraud is hard to stop
Invoice scams succeed because they exploit routine. Finance staff process large volumes of payments and are trained to be efficient. Attackers take advantage by using familiar vendor names, realistic formatting, and urgency cues. In many cases, criminals also monitor compromised mailboxes to time messages to match real invoices and delivery schedules.
What businesses in Germany should do
Security teams say technical protections help, but process controls remain the most effective barrier against payment diversion. Companies are encouraged to treat any request to change bank details as high risk, even when the email looks legitimate.
- Verify bank detail changes via a known phone number or trusted supplier portal.
- Use dual approval for new payees and high-value transfers.
- Restrict mailbox rules to prevent attackers from hiding invoice threads.
- Adopt phishing-resistant login (passkeys or security keys) for finance accounts.
- Train staff on urgency tactics and lookalike domain detection.
What to watch next
Security specialists expect attackers to adapt by shifting to multi-channel fraud, such as pairing a spoofed email with a follow-up phone call or messaging app contact. That is why providers and enterprises are increasingly focused on layered defenses: sender authentication, anomaly detection, and payment verification workflows that do not rely on email alone.
Bottom line
As invoice fraud grows more targeted, email providers are tightening defaults to reduce impersonation and keep suspicious payment requests from reaching inboxes. For businesses, the most reliable defense remains procedural: verify changes through independent channels and require extra approval for transfers, especially when urgency and new bank details appear in the same message.
