This cybersecurity analysis reveals a sophisticated invoice fraud campaign targeting businesses through coordinated use of legitimate-appearing company names and payment platforms. The campaign centers around BILL.COM, LLC, which has generated 101 CFPB complaints in the money transfer industry, operating in connection with two debt collection entities: ACCOUNT SERVICES INC. (8 CFPB complaints) and Remit Corporation (17 CFPB complaints). These entities are interconnected through shared reporting patterns, with the strongest connection showing a 1.00 confidence level between Remit Corporation and ACCOUNT SERVICES INC.
The fraudulent operation leverages multiple communication channels, including phone number 510-237-8570 and the domain bill.com, which was registered through GoDaddy Corporate Domains, LLC in 1994. All entities in this cluster show reported-together relationships, with BILL.COM, LLC demonstrating the highest confidence connection to bill.com at 0.59, suggesting frequent co-occurrence in consumer complaints. The scammers appear to exploit the legitimacy of the bill.com domain and the established presence of these financial service companies to execute their fraud scheme.
Community reports reveal the campaign's methodology involves sending fake invoices with urgent payment reminders. The fraudulent communications reference "Remit Bank Name: GO2Bank Account Name: Blueprint Consulting LLC Account#: 15102378570467" and specifically mention that "payments by checks or Bill.com" are acceptable methods. Multiple victims report receiving identical emails requesting payment for services never provided, with scammers targeting executive directors and staff members while including fraudulent W9 forms and ACH payment information to appear legitimate.
The consumer impact extends beyond the 126 total CFPB complaints across the three connected companies, as evidenced by multiple community reports describing attempted business email compromise attacks. The integration of the phone number 510-237-8570 into fake account numbers (15102378570467) demonstrates the sophisticated nature of this operation, designed to confuse victims and create an appearance of authenticity across multiple communication touchpoints.
To protect against this campaign, consumers and businesses should verify all invoices by contacting service providers through independently obtained contact information, never using phone numbers or payment details provided in suspicious emails. If contacted by any entity in this network, immediately hang up on phone calls, do not click any links in emails, and report the incident to the FTC at reportfraud.ftc.gov or to the FCC for phone-based attempts. Before making any payments, verify company legitimacy through official business registries and check suspicious phone numbers or domains through consumer protection databases and reverse lookup services.
This campaign represents a moderate to high threat level due to its sophisticated use of legitimate-appearing company names and established domains to target businesses with fake invoicing schemes. Organizations should immediately implement additional invoice verification procedures, train staff on business email compromise tactics, and establish clear protocols for validating payment requests that reference any of the identified entities or communication channels in this cluster.