'%3e%3cpath%20d='M0,0%20v30%20h60%20v-30%20z'%20fill='%23012169'/%3e%3cpath%20d='M0,0%20L60,30%20M60,0%20L0,30'%20stroke='%23fff'%20stroke-width='6'/%3e%3cpath%20d='M0,0%20L60,30%20M60,0%20L0,30'%20stroke='%23C8102E'%20stroke-width='4'%20clip-path='url(%23s)'/%3e%3cpath%20d='M30,0%20v30%20M0,15%20h60'%20stroke='%23fff'%20stroke-width='10'/%3e%3cpath%20d='M30,0%20v30%20M0,15%20h60'%20stroke='%23C8102E'%20stroke-width='6'/%3e%3c/g%3e%3c/svg%3e)
UK
%20--%3e%3cuse%20href='%23s'%20x='0'%20y='0'/%3e%3cuse%20href='%23s'%20x='494'%20y='0'/%3e%3cuse%20href='%23s'%20x='988'%20y='0'/%3e%3cuse%20href='%23s'%20x='1482'%20y='0'/%3e%3cuse%20href='%23s'%20x='1976'%20y='0'/%3e%3cuse%20href='%23s'%20x='2470'%20y='0'/%3e%3cuse%20href='%23s'%20x='247'%20y='210'/%3e%3cuse%20href='%23s'%20x='741'%20y='210'/%3e%3cuse%20href='%23s'%20x='1235'%20y='210'/%3e%3cuse%20href='%23s'%20x='1729'%20y='210'/%3e%3cuse%20href='%23s'%20x='2223'%20y='210'/%3e%3cuse%20href='%23s'%20x='2717'%20y='210'/%3e%3cuse%20href='%23s'%20x='0'%20y='420'/%3e%3cuse%20href='%23s'%20x='494'%20y='420'/%3e%3cuse%20href='%23s'%20x='988'%20y='420'/%3e%3cuse%20href='%23s'%20x='1482'%20y='420'/%3e%3cuse%20href='%23s'%20x='1976'%20y='420'/%3e%3cuse%20href='%23s'%20x='2470'%20y='420'/%3e%3cuse%20href='%23s'%20x='247'%20y='630'/%3e%3cuse%20href='%23s'%20x='741'%20y='630'/%3e%3cuse%20href='%23s'%20x='1235'%20y='630'/%3e%3cuse%20href='%23s'%20x='1729'%20y='630'/%3e%3cuse%20href='%23s'%20x='2223'%20y='630'/%3e%3cuse%20href='%23s'%20x='2717'%20y='630'/%3e%3cuse%20href='%23s'%20x='0'%20y='840'/%3e%3cuse%20href='%23s'%20x='494'%20y='840'/%3e%3cuse%20href='%23s'%20x='988'%20y='840'/%3e%3cuse%20href='%23s'%20x='1482'%20y='840'/%3e%3cuse%20href='%23s'%20x='1976'%20y='840'/%3e%3cuse%20href='%23s'%20x='2470'%20y='840'/%3e%3cuse%20href='%23s'%20x='247'%20y='1050'/%3e%3cuse%20href='%23s'%20x='741'%20y='1050'/%3e%3cuse%20href='%23s'%20x='1235'%20y='1050'/%3e%3cuse%20href='%23s'%20x='1729'%20y='1050'/%3e%3cuse%20href='%23s'%20x='2223'%20y='1050'/%3e%3cuse%20href='%23s'%20x='2717'%20y='1050'/%3e%3cuse%20href='%23s'%20x='0'%20y='1260'/%3e%3cuse%20href='%23s'%20x='494'%20y='1260'/%3e%3cuse%20href='%23s'%20x='988'%20y='1260'/%3e%3cuse%20href='%23s'%20x='1482'%20y='1260'/%3e%3cuse%20href='%23s'%20x='1976'%20y='1260'/%3e%3cuse%20href='%23s'%20x='2470'%20y='1260'/%3e%3cuse%20href='%23s'%20x='247'%20y='1470'/%3e%3cuse%20href='%23s'%20x='741'%20y='1470'/%3e%3cuse%20href='%23s'%20x='1235'%20y='1470'/%3e%3cuse%20href='%23s'%20x='1729'%20y='1470'/%3e%3cuse%20href='%23s'%20x='2223'%20y='1470'/%3e%3cuse%20href='%23s'%20x='2717'%20y='1470'/%3e%3cuse%20href='%23s'%20x='0'%20y='1680'/%3e%3cuse%20href='%23s'%20x='494'%20y='1680'/%3e%3cuse%20href='%23s'%20x='988'%20y='1680'/%3e%3cuse%20href='%23s'%20x='1482'%20y='1680'/%3e%3cuse%20href='%23s'%20x='1976'%20y='1680'/%3e%3cuse%20href='%23s'%20x='2470'%20y='1680'/%3e%3c/g%3e%3c/svg%3e)
USA
us Money & financial emergencies vendor bank details changed • invoice bank change request • pay by wire only demand • pay by crypto demand • urgent invoice payment pressure • accounts payable fraud • payment diversion scam • business email compromise • bec scam vendor • vendor impersonation email • spoofed invoice email • payment instructions changed • new bank account for vendor • wire transfer recall • crypto address on invoice • fraudulent invoice concern • vendor email hacked • verify vendor payment details • wire fraud prevention • invoice payment scam What to do if…
What to do if…
a supplier insists you must pay an invoice by wire or crypto because “bank details changed”
Short answer
Stop and verify the payment change using a trusted contact method you already had for the vendor (not the contact details in the email). If you already sent money, contact your financial institution immediately and report to IC3.
Do not do these things
- Do not wire funds or send crypto to “new details” just because you’re being threatened with late fees or service cut-off.
- Do not “verify” using the phone number, link, or reply-to address in the message that requested the change.
- Do not keep the conversation going in the same email thread as proof (a compromised account can look normal).
- Do not approve a new payee, change ACH/wire templates, or bypass your normal approval rules to get it done faster.
- Do not share login codes, MFA prompts, or banking authentication details with anyone who contacted you first.
- Do not delete messages or payment screens—save them.
What to do now
- Freeze the payment internally. Mark the invoice “hold—bank detail verification” and notify anyone who can release wires/ACH that payment is paused.
- Verify the vendor using known-good contact info you already had. Call a number from your vendor master record, contract, prior invoice on file, or a vendor portal you access independently. Avoid any contact details in the change request.
- Ask verification questions that don’t rely on the suspicious message. For example:
- “Did your bank details change and why?”
- “Please confirm invoice number, amount, and PO/reference without me prompting.”
- “Confirm a partial identifier of the prior payment destination we used (partial only).”
- Treat “wire or crypto only” as suspicious unless it matches your contract and past behavior. If you’ve always paid by check/ACH/card, don’t switch under pressure.
- Compare against your records before you set up a new payee. Match requested details to your vendor onboarding file and prior payments. If anything differs or the change isn’t documented/approved, keep the hold.
- Require out-of-band confirmation + your normal change process. Use a call-back to a known number, a second-person approval, and your standard vendor-change documentation before any new payment details are used.
- If you suspect compromise, limit spread fast. Alert IT/security to check for mailbox compromise (unexpected forwarding rules, lookalike domains, unusual login alerts) and to warn anyone else who might pay that vendor.
- If you already sent a wire or ACH: act immediately.
- Call your bank right away and ask them to attempt recovery and to contact the receiving financial institution immediately. For wires, ask about a wire recall request (not guaranteed). For ACH, ask whether a stop/return is still possible based on status and timing.
- Write down your bank case number and the exact time you called.
- If you already sent crypto: contact the exchange/platform you used immediately and report suspected fraud; save the transaction hash and destination address. Crypto transfers are typically hard to reverse.
- Report it. File a complaint with the FBI’s Internet Crime Complaint Center (IC3) and keep the reference details for your bank, insurer, and internal records.
- Preserve evidence. Save the invoice, the bank-change request, attachments, sender addresses/domains, payment instructions, and screenshots of the payment confirmation pages (without exposing passwords).
What can wait
- Debating whether the vendor is “at fault” or renegotiating terms—first prevent or contain loss.
- Sending formal demand letters or starting legal action.
- Perfecting internal policy changes; for now, use your existing approval process plus the temporary hold/verification step.
Important reassurance
This type of vendor-payment diversion is common and can fool careful people, especially when messages look legitimate and urgent. Pausing to verify is an expected control, not an overreaction.
Scope note
This covers immediate first steps to prevent an irreversible transfer and to trigger rapid recovery/reporting. Longer-term steps (insurance, legal options, vendor management, security hardening) come after the urgent phase.
Important note
This is general information, not legal, financial, or cybersecurity advice. Bank procedures and recovery options vary and are not guaranteed. Using trusted contact routes and contacting your financial institution immediately are often the safest first moves.