More than four in 10 businesses in the UK are unaware of the risks posed by invoice fraud, according to a survey by banking trade body UK Finance.
That is despite such scams costing firms almost £93m in 2018, it says.
Scams take place when fraudsters trick firms into transferring money by posing as legitimate payees.
There were 3,280 invoice and bank mandate scam cases involving businesses over the year, with an average loss per case of more than £28,000.
Some £29.6m of the money lost to this type of fraud was fortunately returned to business customers, the trade body says.
All sizes of firms affected
UK Finance surveyed 1,500 firms across the UK and found that 55% of sole traders were aware of the threat of invoice fraud, compared with 68% of small businesses and 84% of large businesses.
Large businesses were more likely to have taken steps to protect themselves against such scams. But they were also more likely to have experienced invoice fraud than smaller firms.
"Invoice fraud could happen to businesses of all sizes," said Katy Worobec, managing director of economic crime at UK Finance.
"The gangs behind this type of fraud are increasingly sophisticated and will often get hold of details that allow them to pose convincingly as regular suppliers.
"If someone contacts you asking for a supplier's bank account details to be changed, always verify with that supplier separately on the phone or in person, using the contact details you have on file."
Invoice fraud involves criminals targeting businesses by posing as a regular supplier and making a request for their bank account details to be changed, often by email.
Businesses are then tricked into sending money to an account controlled by the fraudster rather than the genuine supplier.
Often the criminals will try to acquire details from businesses, such as the date when regular payments are due, to make their approach more convincing.
UK Finance says if you are making a payment to an account for the first time, transfer a small sum first.
Then check with the company - using known contact details - to check that the payment has been received and that the account details are correct.
"Contact your bank straight away if you think you may have fallen victim to an invoice or mandate scam," the trade body adds.