Payment Scams

Invoice Redirection Scam UK: Spot Fake Payment Requests

Criminals are posing as your suppliers and changing where you send your money — here's how to stop them.

· · · 5 min read

invoice redirection scaminvoice redirection fraudmandate fraud ukbank details changed email scamsupplier bank details scambusiness email compromise ukpayment diversion fraud
Key rule: verify through an official route you opened yourself, not the link, number, app, or payment details supplied by the suspicious message.

What an invoice redirection scam looks like

An invoice redirection scam is often described as mandate fraud or payment diversion fraud. The National Cyber Security Centre also covers this type of targeted payment-change email as a form of Business Email Compromise (BEC), where criminals access or closely imitate a genuine email account and insert themselves into a legitimate payment conversation. An example of the style is: Following an internal audit, please note our bank details have changed. Kindly update your records and send the outstanding invoice payment to the new account below.

Because it arrives inside a real email thread, from an address that looks right, it can pass unnoticed by staff simply processing payments as normal.

Why these emails are convincing

The NCSC notes that Business Email Compromise attacks are targeted rather than mass phishing — criminals research a business, its suppliers, and its senior staff, often using information published on company websites and social media, to make the request look routine. Because the email arrives within a genuine, ongoing conversation, urgency isn't even necessary; it simply looks like normal business.

The reliable defence is behavioural, not visual: never change payment details based on an email alone, no matter how convincing it looks.

Signs an invoice or payment-details email is a scam

  • A request to change bank details arrives by email only, with no phone call or other verification offered.
  • The request cites a vague reason, such as an "internal audit" or "new bank", without further detail.
  • The sender's email address is very close to, but not exactly, the genuine supplier's domain.
  • The email pushes for the change to be made quickly, ahead of an upcoming payment.
  • A phone number given in the email, for "verification", is new or unfamiliar rather than one you've used before.
  • The request affects an account your business deals with regularly, and involves a real, expected invoice.

How the scam works step by step

First, criminals gain access to a genuine email account — often the supplier's, sometimes the paying business's — or closely imitate it with a lookalike domain. Second, they insert a bank-details change into a real, ongoing invoice conversation. Third, the payer's finance team, seeing a normal-looking email, updates its records and pays the invoice to the new account. Fourth, the money reaches the fraudster's account and is moved on quickly, often before the fraud is noticed.

Verifying any bank-detail change by phone, on a number sourced independently of the email, breaks the chain at the third step.

How to verify a bank-details change safely

Do not update payment details or pay an invoice based on an email request alone.

  • Call the supplier using a phone number you already have on file, from their official website, or from a previous invoice — never a number given in the request itself.
  • Ask to speak to a known contact, and confirm both the change and the specific invoice being paid.
  • Review your business's payment process, not just the one transaction — require a second person to verify any change to supplier bank details before it takes effect.
  • Keep invoices and payment mandates stored securely, accessible only to staff who need them.

If you've already paid a fraudulent account

Contact your bank immediately, using its official contact details, and ask it to attempt to recall the payment — acting within hours meaningfully improves the chance of recovery. If you sent money by UK bank transfer on or after 7 October 2024, mandatory APP fraud reimbursement rules may apply to Faster Payments and CHAPS transfers, subject to a 13-month claim window, a maximum claim of £85,000, and a possible excess of up to £100.

Also contact the genuine supplier directly, by phone, so they know their name was used and the real invoice remains unpaid.

How to report an invoice redirection scam (UK)

Report it to Report Fraud at reportfraud.police.uk or on 0300 123 2040 if you are in England, Wales, or Northern Ireland — this is the same route for individuals and businesses. In Scotland, report to Police Scotland on 101, or use gov.uk/report-cyber for the National Cyber Security Centre's guidance on next steps.

If the request arrived by a suspicious link or attachment, forward it to the NCSC at report@phishing.gov.uk.

Frequently asked questions

Is invoice redirection fraud the same as mandate fraud?

The terms overlap, but they are not exact synonyms. Invoice redirection is commonly described as mandate fraud or payment diversion fraud; the NCSC treats this kind of targeted payment-change email as a form of Business Email Compromise.

How do I check if a bank-details-change email is genuine?

Call the supplier using a phone number you already have — from their official website, a business card, or a previous invoice — never a number given in the request itself. Confirm the change verbally before updating any records.

We've already paid an invoice to the wrong account — can we get the money back?

Contact your bank immediately and ask it to attempt a recall; acting within hours improves the chance of success. Eligible UK transfers since 7 October 2024 may also qualify for APP fraud reimbursement, subject to limits and exclusions.

What's the single most effective check against this scam?

Never change payment details based on an email alone. A phone call to a number you already trust, not one supplied in the request, is what breaks the scam.

How do we report invoice redirection fraud as a business?

Report it to Report Fraud at reportfraud.police.uk or 0300 123 2040 — the same route covers individuals and businesses. Also notify your bank immediately if a payment has already been sent.

Think you’ve spotted a scam? Use the AI scam checker for an instant analysis, or report it to Action Fraud.

Reporting routes in this guide are checked against our verified canon of official UK sources — Action Fraud, the National Cyber Security Centre, and Citizens Advice — by an automated accuracy gate before publication. Fact-checked and updated by , Founder & Editor, on 2026-07-03. Read about how Beat the Scam writes guides.