7/1/2026, 11:44:56 AM
Decision summary
Capture verification workflows, supplier onboarding controls, and redacted examples of altered payment instructions.
Verify payments independently
Do not release goods or funds until you confirm inside your bank app.
Escalate suspicious requests
Use the official support channel instead of replying to the scam chat.
Report identifiers
Send handles, phone numbers, and payment links so TrustOps can corroborate.
Playbook sections
An attacker compromises or imitates a supplier conversation, then sends replacement bank details with enough context to look legitimate.
The fraud succeeds when payment teams trust the email thread and skip independent verification of changed bank details.
Use a known phone number or verified procurement channel to confirm any bank-detail change before payment. If payment was sent, call the bank immediately and preserve the email headers.
Do not verify changed account details by replying to the same email thread that introduced the change.
Capture verification workflows, supplier onboarding controls, and redacted examples of altered payment instructions.
Forum status
This public thread is a moderated briefing surface. Fresh evidence and supporting notes go through reviewed submission routes before TrustOps updates the public thread. Use reports for incident evidence, Ask TrustOps for questions, and fraud cards for card-specific deliberation.
Have more intelligence to add? Return to the forum index or review community rules.