Paying a bill with new bank details?
"We were paying our builder for our new kitchen. He sent an invoice for £8,000. 5 minutes later, we got another email saying, 'Use this account instead, the other one is for our old business.'"
"We didn't think twice and sent the money. A week later the builder called asking for payment. The second email was from a hacker who had been watching his account. Our money was gone."
Summary
This situation typically begins when a criminal successfully gains unauthorised access to the email account of a supplier you are already dealing with — such as a builder, a solicitor, or a small business owner.
The deception occurs when you receive an email that appears to be part of your ongoing thread with the supplier. The criminal sends an updated invoice or a follow-up message claiming that their account details have recently changed due to an error with their usual account.
Because the email comes from the correct address and references specific details about your project or purchase, it is incredibly convincing. You authorise the payment and only discover the fraud weeks later when the real supplier contacts you to ask why their bill hasn't been paid.
Common red flags
- Scrutinise the email sender: Check the 'From' address carefully. Scammers often use email addresses that are one letter off from the real address
- Look for pressure and secrecy: Be wary of emails demanding immediate payment or claiming the bank details must be kept confidential due to a recent merger or audit
- Inspect the invoice format: Look closely at the PDF or invoice document for signs of tampering. Blurry logos, different font styles in the bank details section, or spelling mistakes are common indicators that a legitimate invoice has been intercepted and hastily edited by a criminal
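The "one letter off" check on the sender address can be automated. The following is an added example, not part of the original guidance: it compares a 'From' header against addresses you have paid before. The names KNOWN_SUPPLIERS and classify_sender and the sample addresses are constructed for illustration.

```python
from email.utils import parseaddr

# Constructed sample data (assumption): addresses you have already paid.
KNOWN_SUPPLIERS = {"accounts@smithbuilders.example"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify_sender(from_header: str, known=KNOWN_SUPPLIERS, max_distance: int = 2) -> str:
    """Return 'known', 'lookalike:<real address>' or 'unknown'.

    Only the address inside the header is compared; the display name
    is ignored because the sender can set it to anything.
    """
    _display, addr = parseaddr(from_header)
    addr = addr.strip().lower()
    if addr in known:
        return "known"
    for real in sorted(known):
        # A near miss to a real supplier is more suspicious than a stranger.
        if edit_distance(addr, real) <= max_distance:
            return f"lookalike:{real}"
    return "unknown"


if __name__ == "__main__":
    for header in (
        "Smith Builders <accounts@smithbuilders.example>",
        "Smith Builders <accounts@smithbui1ders.example>",  # 'l' swapped for '1'
        "Smith Builders <accounts@smithbuilder.example>",   # missing 's'
        "Someone Else <billing@other.example>",
    ):
        print(f"{classify_sender(header):45} {header}")
```

A result of 'known' only means the address matches: a message sent from a supplier's genuinely compromised account, as described in the Summary, still passes this check, so changed bank details need the phone verification below.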
Safety best practices
- Verify bank details by phone: If you receive a payment request that includes a change to the supplier's bank account number, always verify the change by calling a known, pre-existing phone number for that company. Do not use the phone number listed on the email or invoice
- Confirm the total amount: If the invoiced amount is slightly different from the expected or usual amount, use this as a trigger to verify the details
- Use company portals when possible: Pay via a dedicated, secure payment portal or platform run by the company, rather than relying on bank transfer details provided in an email