Beat the Scam Scam checks, alerts, and consumer protection guides
Home / Guides / Email Scams / Invoice Redirection Scam: UK Guide to Spotting Fake Payment Requests
Email Scams

Invoice Redirection Scam: UK Guide to Spotting Fake Payment Requests

Criminals are posing as your suppliers and changing where you send your money — here's how to stop them.

Published 2026-04-21 · Beat the Scam Editorial Team · 7 min read

invoice redirection scam UKfake invoice scam businesssupplier payment fraudinvoice fraud preventionbusiness email compromise
Key rule: verify through an official route you opened yourself, not the link, number, app, or payment details supplied by the suspicious message.
On this page
  1. What is this scam?
  2. Warning signs to look for
  3. How this scam works step by step
  4. How to verify if it is genuine
  5. What to do if you have already interacted
  6. Reporting this scam in the UK

What is this scam?

An invoice redirection scam happens when a criminal intercepts or mimics communication from a real business supplier and tricks you into paying an invoice to the wrong bank account. The scammer either hacks into your supplier's email, poses as them in a spoofed message, or intercepts a genuine invoice mid-transaction and changes the payment details. Your supplier may not realise payment never arrived, so you don't discover the fraud until weeks later when the real supplier chases the outstanding payment. This type of scam is extremely common in the UK and costs businesses millions annually. It works because it exploits the normal, trusted relationship you already have with your suppliers — you expect invoices from them, so a fake one often slips through. The money usually goes straight to a fraudster's bank account, making recovery extremely difficult once transferred.

Warning signs to look for

  • The invoice is from a supplier you know, but the email address or domain is slightly different (e.g. 'supplIer.com' instead of 'supplier.com' or a free email like Gmail).
  • The payment details have changed compared to previous invoices — a new bank account, sort code, or payment reference that wasn't used before.
  • The invoice requests urgent payment or uses pressure language like 'pay immediately' or 'payment required today'.
  • The email came suddenly with minimal context, or your supplier mentions they've changed their payment method without prior notice.
  • The invoice amount looks unusual or significantly different from your typical monthly spend with that supplier.
  • The email address uses a generic greeting ('Dear Customer') instead of your name or your company's name.
  • Your supplier's email is from a new domain or a different format than their normal communications.
  • There are spelling or grammar errors in the email, or the layout looks unprofessional compared to their usual invoices.

How this scam works step by step

Step one: The criminal either hacks a real supplier's email account, sends a spoofed email that looks like it's from the supplier, or intercepts an invoice during transmission. Step two: They include a legitimate-looking invoice with your company's correct details (order numbers, amounts owed, reference information) but change the bank account or payment details to their own account. Step three: You receive the email and, trusting your supplier, process payment through your normal accounting system — often without checking the bank details against previous invoices. Step four: The money is transferred to the fraudster's account and is often moved to a different bank or country within hours, making tracing almost impossible. Step five: Days or weeks later, your real supplier contacts you asking about the outstanding invoice, and you realise the payment went to the wrong place. By this point, the fraudster has already moved the money. The delay in discovery is why this scam is so effective — businesses often don't check payment confirmations carefully, and suppliers may not immediately chase outstanding payments.

How to verify if it is genuine

Before paying any invoice, use these specific verification steps. First, do not use any contact details provided in the email. Instead, phone your supplier directly using a number you've previously used or found on their official website. Ask them to confirm they sent the invoice and check the payment details verbally. Second, compare the bank details on the invoice with your records from previous payments — if the account number, sort code, or bank name has changed, verify this independently with the supplier. Third, check the email domain carefully — legitimate supplier emails should come from their official business domain, not free email services like Gmail or Outlook. Fourth, if you receive an unexpected email from a supplier about changing payment details, verify this request through a different communication channel (phone call, post, or a new email sent to a verified address). For more detailed guidance on spotting suspicious emails, see our guide on /guides/is-this-website-a-scam/. Never pay based on email alone; always verify by an independent method.

What to do if you have already interacted

If you've already paid the invoice, act immediately. Step one: Contact your bank straight away on the phone number on the back of your debit or credit card (not a number from email or online) and tell them you've been the victim of a payment fraud. Provide the bank account details where you sent the money and the exact amount and date of transfer. Step two: Ask your bank to freeze the payment or recall it if possible — UK banks can sometimes recover funds within 24 hours if you act quickly, though this depends on whether the receiving bank cooperates. Step three: Report the fraud to Action Fraud on 0300 123 2040 or online at actionfraud.police.uk. Provide copies of the fake invoice, the email it came from, and payment confirmation. Step four: Contact your real supplier and explain what happened so they understand you didn't simply ignore their invoice. Step five: Report the phishing email to the NCSC using report@phishing.gov.uk and include full email headers. Recovery becomes much harder after 24 hours, so speed is essential.

Reporting this scam in the UK

If you've been targeted by an invoice redirection scam or believe you've paid a fraudster, report it through these official UK channels. Report fraud and financial loss to Action Fraud by calling 0300 123 2040 (Monday to Friday, 8am to 8pm) or visit actionfraud.police.uk to report online. This creates an official record and helps police identify patterns. Report the suspicious email itself to the NCSC Suspicious Email Reporting Service at report@phishing.gov.uk — include the full email headers and message. If you received the initial contact via SMS or text, forward it to 7726 (free). Contact Citizens Advice consumer helpline on 0808 223 1133 for guidance on your consumer rights and potential recovery options. Your bank should also be notified immediately so they can flag the receiving account and potentially freeze funds. Report the incident to your industry's fraud reporting body if your sector has one (for example, the BBA for banking). Reporting helps authorities track organised fraud networks and protect other UK businesses.

Frequently asked questions

Is invoice redirection a scam, or do suppliers sometimes legitimately change payment details?

Suppliers do occasionally change payment details due to bank changes or business restructuring — but this is always communicated well in advance through multiple channels, not as a sudden urgent invoice. If you're unsure, always phone your supplier using their main number to confirm. Never process a payment based on an email alone, even if the sender claims to be from a trusted supplier.

I've already sent money to what I now think was a fraudster. Can I get it back?

Contact your bank immediately on the number on the back of your card. UK banks can sometimes recover funds within the first 24 hours if the receiving bank cooperates. After 24 hours, recovery becomes much harder, though your bank should still try. Report the fraud to Action Fraud (0300 123 2040) and gather evidence like emails and invoices. Be aware that recovery is not guaranteed, especially if the fraudster has already moved the money overseas.

How can I protect my business from invoice redirection fraud if I receive many invoices from different suppliers?

Implement a verification routine: never pay an invoice without phoning the supplier first on a number from your records, train your accounting team to spot the warning signs (changed bank details, unusual domains, pressure language), use email filtering tools that flag external emails, and keep a master list of supplier contact details and bank account numbers. Consider using authorisation procedures where invoices above a certain amount require approval from a second person.

Who should I report this scam to?

Report to Action Fraud on 0300 123 2040 or actionfraud.police.uk with copies of the invoice and email. Report the email itself to the NCSC at report@phishing.gov.uk. Notify your bank immediately. Contact Citizens Advice on 0808 223 1133 if you need guidance on next steps or consumer rights.

Think you’ve spotted a scam? Use the AI scam checker for an instant analysis, or report it to Action Fraud.