Invoice Redirection Scam Checklist: How to Check Payment Detail Changes
A believable invoice email can redirect a legitimate payment into the wrong account.
Why this scam is effective
The invoice itself may be expected, accurate, and tied to a real supplier relationship. The fraud is the bank detail change or the spoofed email that introduces it.
Treat changed details as high-risk
Any message that updates supplier payment details should trigger mandatory verification through a trusted phone number or contact path already on file.
Look for subtle email differences
The sender domain may differ by one character or use a new hyphen, or the message may carry a reply-to address that staff are not used to checking.
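The checks described above, sketched in Python as an added example that is not part of the original checklist. The supplier domain and the sample message are constructed, and the function names are hypothetical.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed supplier record: the domain already on file for this vendor.
KNOWN_SUPPLIER_DOMAINS = {"acme-supplies.example"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def domain_of(header_value) -> str:
    """Return the lower-cased domain of an address header, or '' if absent."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def review_sender(raw_message: str, known=KNOWN_SUPPLIER_DOMAINS) -> list[str]:
    """Return a list of findings; an empty list means nothing was flagged."""
    msg = message_from_string(raw_message)
    sender, reply_to = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    findings = []
    if sender not in known:
        for good in sorted(known):
            # Same name once hyphens are ignored: an added or dropped hyphen.
            if sender.replace("-", "") == good.replace("-", ""):
                findings.append(f"hyphen-variant of {good}: {sender}")
            elif edit_distance(sender, good) <= 1:
                findings.append(f"one-character-variant of {good}: {sender}")
        if not findings:
            findings.append(f"unknown sender domain: {sender}")
    # Replies would go somewhere other than the visible sender.
    if reply_to and reply_to != sender:
        findings.append(f"reply-to domain differs from sender: {reply_to}")
    return findings

# Constructed sample message (not a real email).
SAMPLE = ("From: Accounts <billing@acme-suplies.example>\n"
          "Reply-To: accounts@mailbox.example\n"
          "Subject: Updated bank details\n\nPlease use the new account.\n")

if __name__ == "__main__":
    print(review_sender(SAMPLE))
```

An empty result does not replace the callback: a message with an exactly spoofed sender address passes these checks.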
Use dual approval for larger payments
A second reviewer or callback process reduces the chance that one rushed employee processes the fraud alone.
If a payment has gone out
Notify your bank and the genuine supplier immediately. Fast notification gives the best chance of intervention.
Operational defence
Create a standing rule that bank detail changes are never approved on email alone.
Frequently asked questions
Can the rest of the invoice be genuine?
Yes. Only the payment details may be fraudulent.
Is this only a large-company problem?
No. Small businesses are common targets because controls can be lighter.
Should staff call back on the number in the email?
No. Use a trusted number already on record.