Invoice redirection scams are one of the most financially damaging fraud tactics affecting Irish businesses today — particularly small and medium-sized enterprises (SMEs) that often lack robust payment verification procedures. These scams are clever, subtle, and can catch even the most diligent finance team off guard.
In this post, we’ll break down how invoice redirection scams typically work, and more importantly, outline clear procedures your business can follow when a supplier asks to change their bank details.
What Is an Invoice Redirection Scam?
An invoice redirection scam, sometimes called mandate fraud, occurs when a criminal tricks a business into changing the bank account details of a genuine supplier — redirecting payments to a fraudulent account controlled by the scammer.
Here’s how it usually works:
- The Set-Up: The scammer monitors your communications, often through email account compromise or social engineering, to identify payment patterns and key suppliers.
- The Deception: They pose as a legitimate supplier and send an email requesting a change in bank account details — often using a lookalike email address or even compromising the real supplier’s email account.
- The Pay-Out: Your accounts team updates the supplier’s details and processes the next invoice payment — but the funds go directly to the fraudster’s account.
By the time the real supplier starts asking why they haven’t been paid, the money is long gone.
Why This Scam Works So Well
What makes this scam particularly dangerous is that it doesn’t rely on malware or brute-force attacks. It uses trust, timing, and a dash of social engineering.
Scammers often study their victims carefully, learning supplier names, invoice due dates, and internal approval chains. The fake emails they send often look just like the real thing — complete with signatures, logos, and familiar language.
Unless your team is trained to spot red flags and follows strict verification procedures, these scams are frighteningly easy to fall for.
Tips for Verifying Supplier Bank Detail Changes
To protect your business from invoice redirection scams, follow these practical steps every time a supplier requests a bank account change:
1. Always Call to Confirm – Using Trusted Details
Never rely on the contact details included in an email requesting bank changes. Always use the contact number you’ve previously saved for the supplier — or look it up on their official website. Speak to someone you know and trust in their accounts department.
It might feel like an extra step, but a 2-minute phone call could save your business tens of thousands of euro.
2. Verify in Writing – But Not by Email Alone
After a verbal confirmation, request a written confirmation of the change. This adds a second layer of verification and ensures there’s a documented trail of the request. However, don’t rely on email alone for verification — especially if that’s how the initial request came in.
3. Use a Supplier Change Request Form
Implement a standardised form in your company that must be completed for any supplier banking changes. This form should include:
- Supplier name and contact
- Previous bank details
- New bank details
- Date of request
- Name of internal staff member processing the change
- Signature of authorised approver
Make it company policy that no change is processed without this form completed and signed off.
IT Procedures to Support Fraud Prevention
While people are the first line of defence, your IT systems play a huge role in preventing and detecting fraud attempts.
At CK Computer Solutions, we help businesses across Dublin and beyond implement secure email systems, employee training, and fraud monitoring tools. Here’s how we can help:
- Email Filtering & Monitoring: We’ll help ensure phishing emails and spoofed domains are blocked before they ever hit your inbox.
- Multi-Factor Authentication (MFA): Adding MFA to your email systems makes it much harder for criminals to compromise staff accounts.
- Audit Trails & Access Controls: We’ll help you implement IT controls to track who’s accessing sensitive supplier and finance data — and when.
- Cybersecurity Awareness Training: We’ll train your staff to spot suspicious emails, verify requests, and follow secure processes confidently.
We’re not just here to install software — we’re your trusted managed IT services provider. We’ll work closely with your finance and procurement teams to integrate technology with policy and process.
Red Flags to Watch Out For
Train your team to stay alert for the following warning signs:
- Urgent or last-minute requests to change payment details.
- Poor grammar or formatting in emails, especially from regular contacts.
- Slight variations in email addresses (e.g. suppliername@companny.com instead of company.com).
- Emails that skip personal greetings or use vague language.
- Requests that pressure staff to “just process this quickly.”
If something feels off — trust your gut and verify independently.
Invoice redirection scams can be devastating — but they’re also preventable with the right mix of process, technology, and awareness.
Take the time to build and enforce procedures around supplier bank changes. Train your staff regularly. And make sure your IT systems are properly set up to detect and block threats before they cause damage.
At CK Computer Solutions – Managed IT Services Dublin, we can help you review and strengthen your internal controls, protect your email systems, and provide ongoing training for your team. Whether you’re a small local business or a growing SME, we’re here to help you stay safe, smart, and secure.
Need help locking down your systems or training your team against invoice scams?
Get in touch with CK Computer Solutions today – and let’s build a safer digital foundation for your business.