Invoice bank detail switch
A supplier invoice or payment instruction is altered so funds go to a fraudulent account instead of the expected business.
Structured social caption
Invoice bank detail switch: A supplier invoice or payment instruction is altered so funds go to a fraudulent account instead of the expected business. Changed bank details need independent verification through a known channel before payment
Payment diversion
Invoice bank detail switch
A supplier invoice or payment instruction is altered so funds go to a fraudulent account instead of the expected business.
Red flags
What to do now
Use a known phone number or verified procurement channel to confirm any bank-detail change before payment. If payment was sent, call the bank immediately and preserve the email headers.
What happened
An attacker compromises or imitates a supplier conversation, then sends replacement bank details with enough context to look legitimate.
How it works
The fraud succeeds when payment teams trust the email thread and skip independent verification of changed bank details.
Red flags
- Payment details change close to the due date.
- The message discourages phone verification.
- Sender address, reply-to address, or attachment name differs from the usual pattern.
What to do now
Use a known phone number or verified procurement channel to confirm any bank-detail change before payment. If payment was sent, call the bank immediately and preserve the email headers.
What not to do
Do not verify changed account details by replying to the same email thread that introduced the change.
Evidence notes
- Email headers, invoice versions, and the old versus new bank details help investigators.
- Publish only redacted bank identifiers and never expose full account data publicly.