Invoice Redirection Fraud
Fraudsters change supplier bank details so legitimate payments are diverted to them.
Last reviewed: 1 June 2026
What this scam is
Invoice redirection (mandate fraud) tricks a business into paying a genuine-looking invoice to fraudster-controlled bank details, by impersonating a supplier and 'updating' their account information.
How it works
Scammers email finance staff posing as a known supplier, advising new bank details for future or outstanding invoices. Payments are then sent to the fraudster's account. The real supplier later chases the unpaid invoice.
Common red flags
- A supplier 'changing bank details' by email
- Urgency to update details before the next payment run
- Slightly altered sender email domain
- Request to keep the change quiet or skip normal checks
Sanitized example messages
Illustrative, sanitized examples. Personal details are replaced with placeholders such as [phone number] and [fake link].
Please note our bank details have changed. Update your records and pay invoice [number] to the new account.
Payment methods used
- Bank transfer
Who is usually targeted
- Accounts payable teams
- SMEs
- Any organisation paying suppliers
What to do immediately
- Verify any bank-detail change by calling a known contact on a trusted number
- Pause the payment and check internally
- If paid, contact your bank immediately to attempt recall; report it
Evidence to preserve
- The email and headers
- Invoice and payment records
- Supplier contact history
Where to report it
- Action Fraud (UK) — UK national fraud & cybercrime reporting centre
- FTC ReportFraud (US) — US Federal Trade Commission fraud reports
- FBI IC3 (US) — US Internet Crime Complaint Center
- Scamwatch (Australia) — Australian competition & consumer reporting
- Your bank's fraud line — Use the number on the back of your card or in your banking app — never a number the caller gives you
Always verify reporting routes and emergency contacts on the official government or agency website for your country.
Frequently asked questions
How do we prevent invoice redirection?
Verify every bank-detail change by phone to a known contact, require dual authorisation for changes and large payments, and train staff to treat 'updated details' emails with suspicion.