Fraud & Security

Protect your business from invoice redirection

What is Invoice Redirection?

Criminals pose as a creditor or supplier and tell you their company’s bank details have changed. The communication will ask you to make all future payments to a new fraudulent account.

When you pay the invoice, the money goes straight to the fraudster’s bank account.

What to look out for

Treat a request from a supplier or creditor requesting changes to contact information as suspicious. Contact them independently to confirm the request is genuine. Use contact details you have previously authenticated or that have been obtained independently, not those included in the request.

Don’t make any changes to contact or payment details until you’re certain it’s genuine, even if they’re claiming it’s urgent. Check and challenge any request to change account details.

Once you’ve made a payment, confirm with the intended beneficiary that it’s been received.

Actions you can take

  • Share this page with employees and colleagues so they know what to look out for. Put security training in place and build a culture of security awareness in your business.
  • For the latest cyber security advice and resources to support your business, visit the National Cyber Security Centre (NCSC).