
Fake Invoice Scams: When 'Our Bank Details Changed'

A supplier emails that their bank details have changed — pay the new account. It's a business email compromise scam. Here's how fake invoice and payment-redirect scams work and how to stop them.

Short answer: an email saying a supplier, contractor, or landlord has "updated their bank details — please pay the new account" is one of the costliest scams in business. Known as business email compromise (BEC) or invoice fraud, it redirects a real payment into a scammer's account, often by hijacking or spoofing an email you already trust.

It's dangerous because nothing looks like phishing — there's no scary link, just a routine-looking invoice. Here's how it works and the one control that stops it.

Quick check: Never change payment details based on an email alone. Confirm any bank-detail change by calling the supplier on a known number you already have — not one from the email.

How invoice-redirect fraud works

  1. Access or impersonation. Scammers either break into a real email account (a supplier's or a colleague's) or spoof it convincingly, sometimes using a look-alike domain.
  2. The watch. From inside a hijacked inbox, they learn who pays whom, the amounts, and the tone of normal messages.
  3. The switch. At invoice time, an email arrives: "We've changed banks — please update our account details for this payment."
  4. The redirect. You pay the real-looking invoice to the new account. The money lands with the scammer, and because it's a push payment you authorized, it's hard to recover.

Variants target individuals too: a "title company" emailing new wire instructions during a home purchase, or a "landlord" changing where rent goes.

What the email looks like

From: Accounts <billing@suppl1er-co.com>
Subject: Updated Remittance Details — Invoice #4821

Hi,

Please note our banking details have changed as we've switched
providers. Kindly use the new account below for invoice #4821
and all future payments.

  Bank: ...    Account: ...    Sort/Routing: ...

Apologies for any inconvenience — please confirm once updated.

Regards,
Accounts Team

It reads like routine admin, which is the whole point. There's no malicious link to catch, just a polite request to change where money goes — sometimes sent from a hijacked real inbox, sometimes from a look-alike domain (note the "1" in suppl1er-co.com). The only reliable defense is to confirm the change by phone before paying.

The red flags

  • Any change to bank or payment details delivered by email.
  • A reply-to or sender domain that's subtly off (a look-alike).
  • New urgency around an otherwise normal payment ("pay today to avoid late fees").
  • Slightly different wording, signature, or formatting than usual.
  • A request to keep the change quiet or skip the normal process.
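
As an added example (not part of the original guide), the Python below turns the sender-domain, reply-to, bank-detail and urgency flags above into a triage check for incoming mail. The known-domain list, the phrase patterns and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

KNOWN_DOMAINS = {"supplier-co.com"}  # assumption: supplier domains already on file
FOLD = str.maketrans("1i0", "llo")   # fold digit/letter swaps before comparing
BANK_CHANGE = re.compile(
    r"(bank(ing)?|account|remittance|payment)\s+details\b.{0,40}?\b(chang|updat)"
    r"|\b(chang|switch)\w*\s+(banks?|providers?)", re.I | re.S)
URGENCY = re.compile(r"pay today|late fees?|urgent", re.I)

def edit_distance(a, b):  # Levenshtein distance using one rolling row
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]

def domain_of(header):
    return parseaddr(header or "")[1].rpartition("@")[2].lower()

def lookalike_of(domain):
    """Known domain that `domain` imitates; None if it is exact or unrelated."""
    if not domain or domain in KNOWN_DOMAINS:
        return None
    near = [k for k in sorted(KNOWN_DOMAINS)
            if edit_distance(domain.translate(FOLD), k.translate(FOLD)) <= 1]
    return near[0] if near else None

def triage(raw_email):
    """Red flags for one single-part, plain-text RFC 5322 message."""
    msg = message_from_string(raw_email)
    sender, reply_to = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    body, imitated = msg.get_payload(), lookalike_of(sender)
    checks = [
        (imitated, f"lookalike-domain:{sender}~{imitated}"),
        (reply_to and reply_to != sender, f"reply-to-mismatch:{reply_to}"),
        (BANK_CHANGE.search(body), "bank-detail-change"),  # always needs the call
        (URGENCY.search(body), "urgency"),
    ]
    return [flag for hit, flag in checks if hit]

# Constructed sample modelled on the email shown on this page.
SAMPLE = ("From: Accounts <billing@suppl1er-co.com>\n\n"
          "Please note our banking details have changed as we've switched providers.\n")

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A message sent from a hijacked real inbox passes both domain checks, so the bank-detail-change flag on its own should still send the payment to phone verification.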

The one control that beats it

Verify every change of payment details out-of-band — by calling the supplier or counterparty on a phone number you already have on file, not one printed in the email. A 60-second call confirms whether the change is real.

Make it a standing rule, not a judgment call: no bank-detail change is actioned without a verbal confirmation to a known contact. Scammers rely on email-only trust; this rule removes it.

Extra safeguards for businesses

  • Require dual approval for new or changed payee details and large payments.
  • Confirm the first payment to any new account with a small test and a call.
  • Turn on two-factor authentication for all email accounts to prevent inbox takeover.
  • Be alert to look-alike domains (e.g. an extra letter) in sender addresses.
  • Train staff that "the email looks normal" is not verification.

If you already paid the wrong account

Act within minutes if possible: contact your bank to attempt a recall, notify the real supplier, and report it. In the US, report to the FBI's IC3 at ic3.gov and the FTC at reportfraud.ftc.gov; fast reporting gives the best chance of freezing the funds. See how to report a scam email.

Get a suspicious invoice checked

If an invoice or a "we changed banks" email gives you any pause, forward it to FraudRoom at check@fraudroom.com before you pay — you'll get a plain-English risk read and the safest next step, while you also place that verification call.

FAQ

What is business email compromise (BEC)?

BEC is a scam where fraudsters hijack or spoof a trusted email account to redirect payments or trick staff into transferring money — typically by sending a real-looking invoice with new bank details.

How do I verify a supplier's change of bank details?

Call the supplier on a phone number you already have on file (not one from the email) and confirm the change verbally before paying. Treat email-only requests to change payment details as unverified.

Can I get the money back after paying a fake invoice?

Sometimes, if you act immediately. Contact your bank to attempt a recall and report to IC3 and the FTC right away. Push payments are hard to reverse, so speed is everything.

Key takeaways

  • BEC redirects real payments using trusted-looking emails — no link required.
  • Never change payment details based on email alone.
  • Verify every change by calling a known number, as a standing rule.
  • Use dual approval and email 2FA; report wrong payments immediately.
