Payment Change Requests: Verify Before You Pay
A message arrives from a supplier, landlord, contractor, or senior manager. It looks normal. The wording is polite. The invoice may even look familiar.
Then comes the important line: “Please use our new bank account details for this payment.”
That is the moment to slow down.
Payment-change scams are one of the most practical ways criminals target businesses. They do not always need malware or a dramatic hack. Sometimes they only need one convincing email at the right time, sent to the right person in accounts, purchasing, or management.
The goal is not to make staff suspicious of every supplier. The goal is to make payment changes follow a safe process every time.
Why payment changes are risky
Criminals may impersonate a real supplier, compromise an email account, register a lookalike domain, or reply inside an existing email thread. They may know the project name, invoice amount, contact person, or payment timing.
That context can make a fake request feel genuine.
A payment-change scam may involve:
- new bank account details
- urgent wire transfer instructions
- a request to split payment between accounts
- a “corrected” invoice
- a message claiming the old account is closed
- pressure to pay before a deadline
- a manager asking for confidentiality or speed
If the payment is sent to the wrong account, recovery can be difficult and time-sensitive.
What staff should do
Use a simple rule: verify payment changes using a trusted contact method that was already on file.
Do:
- Call the supplier using a phone number from your records, not the email signature in the new message.
- Confirm bank-detail changes with a known contact before updating accounting records.
- Require a second internal approval for new bank details or large payments.
- Compare the sender’s email address carefully, including spelling and domain name.
- Keep supplier contact details in a trusted system, not only in email threads.
- Save evidence of the verification step with the payment record.
Do not:
- Reply to the suspicious email and treat that as verification.
- Use phone numbers or links provided only in the payment-change message.
- Rush because the message says payment is urgent.
- Change supplier banking details based on email alone.
- Ignore small spelling differences in email domains.
- Keep the issue quiet if something feels wrong.
A real supplier should understand why your business verifies payment changes. A scammer usually wants speed and silence.
Red flags to watch for
Be careful when a payment message includes:
- unexpected urgency
- new banking details shortly before payment is due
- a different reply-to address
- a slightly changed supplier domain name
- unusual grammar or tone from a familiar contact
- a request to bypass normal approval
- instructions not to call or confirm
- a bank account in an unexpected name or location
One red flag does not prove fraud, but it is enough reason to verify.
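For IT support or a mail administrator, two of the red flags above (a different reply-to address and a slightly changed supplier domain) can be checked automatically against the supplier records. The following is an added example, not part of the original guidance; the trusted domain, the sample messages, and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains copied from the trusted supplier record, never from an email.
TRUSTED_DOMAINS = {"acme-supplies.example"}

# Constructed sample messages (not real traffic).
SAMPLE_SUSPECT = (
    "From: Accounts <billing@acme-suppliies.example>\n"
    "Reply-To: billing@freemail.example\n"
    "Subject: Updated bank details\n\n"
    "Please use our new bank account details for this payment.\n"
)
SAMPLE_CLEAN = (
    "From: Accounts <billing@acme-supplies.example>\n"
    "Subject: Invoice 1001\n\nInvoice attached.\n"
)

def address_of(header_value):
    """Return the bare, lower-cased address from a header, or '' if absent."""
    return parseaddr(header_value or "")[1].lower()

def edit_distance(a, b):
    """Levenshtein distance: number of single-character edits between a and b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def red_flags(raw_message, trusted=TRUSTED_DOMAINS):
    """List the header-level red flags found in one raw email message."""
    msg = message_from_string(raw_message)
    sender = address_of(msg["From"])
    reply_to = address_of(msg["Reply-To"])
    domain = sender.rpartition("@")[2]
    flags = []
    if reply_to and reply_to != sender:
        flags.append("reply-to differs from sender")
    if domain not in trusted:
        # A domain within two edits of a supplier on file is treated as a lookalike.
        near = [d for d in sorted(trusted) if edit_distance(domain, d) <= 2]
        flags.append("lookalike of " + near[0] if near else "sender domain not on file")
    return flags

if __name__ == "__main__":
    for name, raw in (("suspect", SAMPLE_SUSPECT), ("clean", SAMPLE_CLEAN)):
        print(name, red_flags(raw))
```

An empty result is not verification: a message sent from a compromised supplier mailbox passes both checks, so the call-back to a number already on file still applies.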
If you are unsure
If a payment request feels even slightly unusual, pause the payment and escalate it.
Ask a manager or IT support to review the message. Contact the supplier through a trusted number already in your records. If the sender claims to be an internal manager, confirm through Teams, phone, or in person before acting.
If payment may already have gone to the wrong account, report it immediately. Contact the bank, management, and IT support at once. Quick action may help freeze or trace funds, and IT can check whether email accounts or rules were involved.
A simple office rule
Here is the rule to share with finance, admin, purchasing, and management teams:
Never change bank details or send unusual payments based on email alone. Verify through a trusted second channel first.
That one pause can protect the business, the supplier relationship, and the person processing the payment.
Sources: Federal Trade Commission — Scams and Your Small Business: A Guide for Business; FBI Internet Crime Complaint Center — Business Email Compromise; National Cyber Security Centre — Business email compromise.




