Invoice Redirection

How does the fraud happen?

Criminals pose as a creditor or supplier and tell you their company’s bank details have changed. They often initiate the bogus instructions by email or letter, including official logos, letterheads and signatures to look as convincing as possible.


They will have often researched who to contact to request the change and which suppliers you use to make the request look as authentic as possible. The communication will ask you to make all future payments to a new sort code and account number. If the change of details is made all future payments to the supplier are made direct to the fraudster, and the original payment to the actual suppliers account will still need to be made.

We’ve also seen an increase in fraudsters gaining access to compromised email accounts belonging to finance team employees. Once inside, the attacker creates a forwarding rule within the email platform and starts gathering copies of all messages.

The fraudster uses the knowledge they gain from the compromised email account, such as billing frequency, and the interaction with customers, to create identical looking invoices, using similar terminology and logos, and send those to your customer. When the customer pays the invoice, the money goes straight to the fraudsters’ bank account.

There are several ways for attackers to obtain access to a legitimate mailbox, such as a password spray, an attack that attempts to access many accounts (usernames) with a few commonly used passwords, or the use of malware (viruses, trojans), and phishing where attackers send an email with a link to a fake website that’s designed to steal credentials.

Regardless of the tactic, the goal is for the attacker to access your email and become you.

Protect yourself and your business from Invoice Redirection

  • Be vigilant, check and challenge any request to change account details.
  • Contact suppliers and creditors independently to check the request is genuine, use contact details you already hold or that have been obtained independently rather than any included in the request.
  • Don’t make any changes to payment details until you are certain it is genuine, even if they are claiming it is urgent.
  • Once a payment has been made confirm with the intended beneficiary that it has been received.
  • Train your employees how to recognise suspicious emails and what to do with one if they receive one.
  • When creating your out-of-office messages, share as few details as possible, and avoid publishing direct business phone numbers, names, titles and email addresses for other members of your organisation. Avoid using definite dates of your absence, since this information could be used by a cyber-attacker trying to steal information from your company.
  • Strengthen passwords for access to email accounts avoid common phrases and using the same password for everything. A good way to create a strong and memorable password is to use three random words and replacing some letters with numbers and symbols, for example, 42Greenwh@leOcean!
  • If you are a Bankline user, enable dual authorisation for payments and changes to payment Templates and Bulk lists so that any payments and changes must be approved by a second user before the payment is sent or the changes take affect.
  • Never send details of a change of bank account to your customers by email.

Always think twice and make double checking second nature

Take Five to stop fraud

Take Five is a national campaign that offers straight-forward and impartial advice to help everyone protect themselves from preventable financial fraud. This includes email deception and phone-based scams as well as online fraud – particularly where criminals impersonate trusted organisations.

Need to report a fraud or a scam?

Other ways to get help

Created with Sketch.
Created with Sketch.