What to do if your business paid a fake invoice or changed bank details
Invoice redirection and business email compromise (BEC) divert real payments to a fraudster. Fast contact with your bank gives the best chance of recall.
Quick answer
- Contact your bank immediately to recall or freeze the transfer.
- Contact the recipient bank as well, if you know it.
- Call the real supplier on a number you already hold - not one from the email thread.
- Preserve the email, invoice, and payment instructions exactly as received.
Do this now
Contact your bank and the recipient bank immediately, then the real supplier via a known contact.
Understanding what happened
BEC and invoice-redirection fraud target the routine moment a business pays a supplier. A small change - a 'new' bank account or an urgent CEO request - diverts a real payment to criminals.
Because the request often comes from a familiar name or a compromised real account, it can look completely normal. The defence is to verify bank-detail changes out of band, by phone, every time.
The steps here focus on the fastest recall path, securing the compromised account, and tightening the approval process so it cannot happen again.
First 5 minutes
- Contact your bank immediately to recall or freeze the transfer.
- Contact the recipient bank as well, if you know it.
- Call the real supplier on a number you already hold - not one from the email thread.
- Preserve the email, invoice, and payment instructions exactly as received.
First 24 hours
- Check whether a company email account was compromised, then reset passwords and enable two-factor authentication.
- Review your finance approval workflow for payments and bank-detail changes.
- Tell affected staff and any other suppliers to be alert.
- Report to police or your national cybercrime/fraud reporting service.
What not to do
- Do not reply to the suspicious email thread to 'confirm' details.
- Do not approve further payments until the account is verified independently.
- Do not assume a familiar display name means the email is genuine.
Evidence to save
- The email headers, invoice, and payment instructions
- The bank details requested and the payment reference
- Any related chat or message threads with the 'supplier'
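As an added illustration (not part of the original guidance), this is one way to review the headers of a preserved message for the signs described above: a familiar display name on an unfamiliar address, a Reply-To that diverts answers elsewhere, and failed sender authentication. The sample message, all domains, and the `triage` helper with its parameters are constructed for this example; it assumes the email was saved in raw .eml form.

```python
import email
from email import policy
from email.utils import parseaddr

# Constructed sample message, not from a real incident; all domains are placeholders.
SAMPLE_EML = b"""\
Authentication-Results: mx.buyer.example; spf=pass smtp.mailfrom=suppiier.example; dkim=none; dmarc=fail header.from=suppiier.example
From: "Acme Supplies Accounts" <accounts@suppiier.example>
Reply-To: payments-acme@freemail.example
To: ap@buyer.example
Subject: Updated bank details for invoice 1042
Date: Mon, 03 Mar 2025 09:14:00 +0000

Please use our new account for all future payments.
"""

def domain_of(header_value):
    """Lower-cased domain of the address in a header value, or '' if absent."""
    _, addr = parseaddr(str(header_value or ""))
    return addr.rpartition("@")[2].lower()

def triage(raw_bytes, supplier_domains, trusted_authserv):
    """Return review findings for one preserved message (hypothetical helper)."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    from_domain = domain_of(msg["From"])
    # The display name is free text; only the address domain is compared.
    if from_domain not in supplier_domains:
        findings.append(f"from-domain-not-on-file:{from_domain}")
    reply_domain = domain_of(msg["Reply-To"])
    if reply_domain and reply_domain != from_domain:
        findings.append(f"reply-to-differs:{reply_domain}")
    for ar in msg.get_all("Authentication-Results", []):
        server, *results = str(ar).split(";")
        # Only trust results stamped by your own receiving mail server.
        if server.split()[:1] != [trusted_authserv]:
            continue
        for part in results:
            method, _, result = (part.split() or [""])[0].partition("=")
            if method in ("spf", "dkim", "dmarc") and result.lower() != "pass":
                findings.append(f"{method}={result.lower()}")
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_EML, {"acme-supplies.example"}, "mx.buyer.example"):
        print(finding)
```

An empty result does not prove the message is genuine: mail sent from a supplier's compromised real account passes every one of these checks, so bank-detail changes still need confirming by phone.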
How to report
Report through official channels for your area.
Find official reporting links for your country in the reporting directory.
- Do not use phone numbers or links from the suspicious message - look up the official ones yourself.
- Report quickly if money was sent or ID documents were shared; speed improves your options.
- Keep your evidence - see how to save scam evidence.
Speed matters most with BEC. Be cautious of anyone offering guaranteed fund recovery for an upfront fee.
Stop it happening again
Always confirm new or changed bank details by phone using a number you already hold.
Require dual approval for payments and for any change to supplier bank details.
Enable two-factor authentication on all business email accounts.
This is general educational guidance, not legal or financial advice, and it is not a guarantee. Always verify through official channels.
Frequently asked questions
What is business email compromise?
BEC is when a fraudster impersonates a supplier, executive, or colleague - often after compromising an email account - to redirect a payment or change bank details.
Can the bank reverse it?
Sometimes, if you act within hours, banks can recall or freeze funds. There is no guarantee, so contact both banks as fast as possible.