The invoice with new banking details
One spoofed email changes a vendor's bank account — and your customer's accounts-payable team wires six figures straight to a fraudster.
What we're seeing
Business email compromise is among the costliest fraud categories by dollar loss. The classic play: an attacker spoofs or compromises a vendor's (or an executive's) email and sends an urgent note — 'we've updated our banking details, please use this account for the next payment.'
The accounts-payable team, seeing a familiar sender and a real outstanding invoice, updates the payee and pays. Nothing was hacked on the bank's side; the deception happened entirely inside the customer's inbox.
Why your current stack misses it
- The payment is fully authorized by a legitimate business customer using valid credentials — from the bank's view it's an ordinary commercial wire to a new beneficiary.
- The fraud happened upstream, in the customer's email, where transaction rules can't see it.
The signal pattern
- A recurring vendor payment suddenly redirected to a brand-new beneficiary account.
- The beneficiary bank or account just changed — often to a different bank or region than prior payments to that payee.
- Urgency timed to a real invoice due date.
- A young beneficiary account, or one receiving redirected payments from multiple unrelated business payers.
What you'd do Monday morning
- For commercial wires, flag changes to an established payee's banking details and confirm by callback to a known number — not the one printed on the new invoice.
- Compare the new beneficiary against the payee's historical settlement account.
- Coach AP-heavy business customers on a verbal, dual-channel verification policy.
Spot the Fraud
Read the case. Make the call. See how you score against The PreCogs.
A long-standing business customer wires a six-figure vendor payment — but to a beneficiary account that differs from every prior payment to that same vendor. Clear it, or hold it?