Invoice redirection scams are one of the most financially damaging fraud tactics affecting Irish businesses today — particularly small and medium-sized enterprises (SMEs) that often lack robust payment verification procedures. These scams are clever, subtle, and can catch even the most diligent finance team off guard.

In this post, we’ll break down how invoice redirection scams typically work, and more importantly, outline clear procedures your business can follow when a supplier asks to change their bank details.


What Is an Invoice Redirection Scam?

An invoice redirection scam, sometimes called mandate fraud, occurs when a criminal tricks a business into changing the bank account details of a genuine supplier — redirecting payments to a fraudulent account controlled by the scammer.

Here’s how it usually works:

  1. The Set-Up: The scammer monitors your communications, often through email account compromise or social engineering, to identify payment patterns and key suppliers.
  2. The Deception: They pose as a legitimate supplier and send an email requesting a change in bank account details — often using a lookalike email address or even compromising the real supplier’s email account.
  3. The Pay-Out: Your accounts team updates the supplier’s details and processes the next invoice payment — but the funds go directly to the fraudster’s account.

By the time the real supplier starts asking why they haven’t been paid, the money is long gone.


Why This Scam Works So Well

What makes this scam particularly dangerous is that it doesn’t rely on malware or brute-force attacks. It uses trust, timing, and a dash of social engineering.

Scammers often study their victims carefully, learning supplier names, invoice due dates, and internal approval chains. The fake emails they send often look just like the real thing — complete with signatures, logos, and familiar language.

Unless your team is trained to spot red flags and follows strict verification procedures, these scams are frighteningly easy to fall for.


Tips for Verifying Supplier Bank Detail Changes

To protect your business from invoice redirection scams, follow these practical steps every time a supplier requests a bank account change:

1. Always Call to Confirm – Using Trusted Details

Never rely on the contact details included in an email requesting bank changes. Always use the contact number you’ve previously saved for the supplier — or look it up on their official website. Speak to someone you know and trust in their accounts department.

It might feel like an extra step, but a 2-minute phone call could save your business tens of thousands of euro.

2. Verify in Writing – But Not by Email Alone

After a verbal confirmation, request a written confirmation of the change. This adds a second layer of verification and ensures there’s a documented trail of the request. However, don’t rely on email alone for verification — especially if that’s how the initial request came in.

3. Use a Supplier Change Request Form

Implement a standardised form in your company that must be completed for any supplier banking changes. This form should include:

  • Supplier name and contact
  • Previous bank details
  • New bank details
  • Date of request
  • Name of internal staff member processing the change
  • Signature of authorised approver

Make it company policy that no change is processed without this form completed and signed off.


IT Procedures to Support Fraud Prevention

While people are the first line of defence, your IT systems play a huge role in preventing and detecting fraud attempts.

At CK Computer Solutions, we help businesses across Dublin and beyond implement secure email systems, employee training, and fraud monitoring tools. Here’s how we can help:

  • Email Filtering & Monitoring: We’ll help ensure phishing emails and spoofed domains are blocked before they ever hit your inbox.
  • Multi-Factor Authentication (MFA): Adding MFA to your email systems makes it much harder for criminals to compromise staff accounts.
  • Audit Trails & Access Controls: We’ll help you implement IT controls to track who’s accessing sensitive supplier and finance data — and when.
  • Cybersecurity Awareness Training: We’ll train your staff to spot suspicious emails, verify requests, and follow secure processes confidently.

We’re not just here to install software — we’re your trusted managed IT services provider. We’ll work closely with your finance and procurement teams to integrate technology with policy and process.


Red Flags to Watch Out For

Train your team to stay alert for the following warning signs:

  • Urgent or last-minute requests to change payment details.
  • Poor grammar or formatting in emails, especially from regular contacts.
  • Slight variations in email addresses (e.g. suppliername@companny.com instead of suppliername@company.com).
  • Emails that skip personal greetings or use vague language.
  • Requests that pressure staff to “just process this quickly.”

If something feels off — trust your gut and verify independently.
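The lookalike-address red flag above can also be checked automatically. The following is an added example, not part of the original post: it compares a sender's domain against supplier domains already on file. The domain list, the character-substitution table and the distance threshold are illustrative assumptions.

```python
from email.utils import parseaddr

# Constructed sample data: domains of suppliers already on file (assumption).
KNOWN_SUPPLIER_DOMAINS = {"company.com", "acme-supplies.ie"}

# Digit-for-letter swaps often used to imitate a domain (illustrative, not exhaustive).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def fold(domain):
    """Normalise visually confusable characters, including 'rn' read as 'm'."""
    return domain.translate(HOMOGLYPHS).replace("rn", "m")


def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_domain(header_value):
    """Extract the lower-cased domain from a From: value such as 'Name <a@b.ie>'."""
    _, address = parseaddr(header_value)
    return address.rsplit("@", 1)[-1].strip().lower().rstrip(".")


def classify_sender(header_value, known=KNOWN_SUPPLIER_DOMAINS, max_distance=2):
    """Return ('known' | 'lookalike' | 'unknown', matched supplier domain or None)."""
    domain = sender_domain(header_value)
    if domain in known:
        # An exact match is not proof: the supplier's real mailbox may be
        # compromised, so the phone call to a number on file is still required.
        return ("known", domain)
    for good in sorted(known):
        # Very short domains may need a lower max_distance to avoid false alarms.
        if fold(domain) == fold(good) or edit_distance(domain, good) <= max_distance:
            return ("lookalike", good)
    return ("unknown", None)


if __name__ == "__main__":
    for sample in ("suppliername@companny.com", "Accounts <accounts@company.com>"):
        print(sample, "->", classify_sender(sample))
```

A "lookalike" result is a reason to hold the request and verify by phone; "known" and "unknown" results still go through the same verification steps.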

Invoice redirection scams can be devastating — but they’re also preventable with the right mix of process, technology, and awareness.

Take the time to build and enforce procedures around supplier bank changes. Train your staff regularly. And make sure your IT systems are properly set up to detect and block threats before they cause damage.

At CK Computer Solutions – Managed IT Services Dublin, we can help you review and strengthen your internal controls, protect your email systems, and provide ongoing training for your team. Whether you’re a small local business or a growing SME, we’re here to help you stay safe, smart, and secure.


Need help locking down your systems or training your team against invoice scams?
Get in touch with CK Computer Solutions today – and let’s build a safer digital foundation for your business.



1. Start with a Baseline Simulation

Before launching any custom campaigns, it’s smart to begin with a baseline simulation. This provides a clear, honest view of your organisation’s current exposure to phishing threats.

It helps you identify which users are most likely to click malicious links, who might give away credentials, and who reports suspicious content as they should. That initial data becomes the benchmark for future training and gives you a solid foundation to build on.

Choose a realistic phishing template that mirrors something your team might see in their inbox, such as a Microsoft sign-in page or a delivery notification. These templates create a believable scenario, helping you measure responses in a real-world context.


2. Target by Department or Role

A blanket approach to phishing simulation rarely hits the mark. Different departments face different types of threats—what tricks an HR manager might fall for won’t necessarily fool someone in finance.

Tailor simulations to specific roles or teams. For instance, the finance department could receive an email mimicking a supplier invoice. Meanwhile, HR might get a phoney job application with a dodgy attachment. These targeted campaigns improve relevance and allow staff to train against the threats they’re most likely to encounter.

Not only does this increase the effectiveness of the simulation, but it also makes your employees feel like the training is actually applicable to their role—something they’ll take more seriously.


3. Monitor Performance and Spot Trends

One of the strongest features in Microsoft 365’s security suite is the depth of its reporting. You can track who clicked, who entered credentials, who reported the simulation, and how quickly they responded.

This data tells a powerful story. Are certain users repeatedly falling for phishing attempts? Are some departments more vigilant than others? These trends can help you deliver more targeted follow-up training and better allocate resources where they’re most needed.

To stay ahead of the curve, enable automated alerts or schedule regular performance summaries. The quicker you can react to a problem area, the more effective your interventions will be.


4. Deliver Instant Training After a Mistake

When someone clicks a simulated phishing email, make sure the training follows immediately. Redirect them to a short training module on the spot. When the lesson comes right after the mistake, it tends to stick better.

This isn’t about shaming anyone—it’s about creating a learning opportunity at the most teachable moment. People are much more open to understanding what went wrong when it’s fresh in their minds.

Keep the training sharp and scenario-based. Short, snappy content works better than long, passive slideshows or videos. The goal is to inform, not to bore or overwhelm.


5. Make It a Continuous Process

Cybersecurity training can’t be treated as a one-off event. The threat landscape changes constantly, and attackers are always coming up with new tactics. Your training needs to evolve with them.

Schedule phishing simulations regularly—monthly or quarterly. And always mix it up. Use different email types, target various departments, and rotate through tactics like link-based attacks, file attachments, and credential harvesting.

Routine training keeps awareness high and reduces the chance that your staff will get complacent. The more exposure they have to a variety of threats, the more confident and prepared they’ll be.


6. Reinforce Your Internal Security Policies

Simulated phishing should mirror your real-life security protocols. There’s no point training someone to recognise a suspicious email if you haven’t also shown them the correct steps to take once they do.

Tie the simulations directly into your organisation’s policies. For example, if your policy says not to forward suspect emails, build that into the training. If you have a reporting channel, make sure staff know exactly how to use it during the exercise.

This is a great opportunity to reinforce internal processes—whether that’s escalation procedures, who to contact after clicking something dodgy, or how to report a breach. The simulation becomes both training and policy reminder in one.


How CK Computer Solutions Can Help

At CK Computer Solutions – Managed IT Services Dublin, we don’t just hand you the tools—we help you use them to full effect. As your trusted Managed Service Provider, we can help integrate and manage Microsoft Defender for Office 365 across your organisation.

Our team can:

  • Roll out tailored phishing simulations that suit your team’s structure.

  • Monitor reports and help interpret the results.

  • Provide on-the-spot training content to match your internal policies.

  • Offer ongoing support and improvements to your security training programme.

With CK Computer Solutions in your corner, you’ll turn your staff into a knowledgeable, responsive defence layer—and that’s priceless in today’s threat environment. Let’s work together to make sure your people are ready for anything.



In today’s digital age, online threats like phishing scams and viruses are becoming increasingly sophisticated. They can compromise personal information, steal sensitive data, or even cripple entire businesses. Whether you’re an individual or running a company, staying vigilant and implementing proactive measures is essential.

At CK Computer Solutions, a Managed IT Services provider in Dublin, we help businesses safeguard their operations with cutting-edge cybersecurity solutions. Here’s a comprehensive guide to protecting yourself from phishing attacks and viruses.


Understanding Phishing and Viruses

Phishing is a type of cyber attack where scammers pose as trusted entities to trick victims into revealing sensitive information such as passwords, financial data, or personal details. These attacks often occur via email, text messages, or fake websites.

Viruses, on the other hand, are malicious software programs designed to damage, disrupt, or gain unauthorised access to your systems. They can spread through infected email attachments, untrustworthy downloads, or compromised hardware.


1. Recognising Phishing Attempts

The first line of defence against phishing is awareness. Scammers often use tactics such as:

  • Sending emails that mimic reputable organisations, like banks or online retailers.
  • Including urgent language to prompt quick action (e.g., “Your account will be locked!”).
  • Embedding suspicious links that lead to fake login pages.

Tips to Stay Safe:

  • Always verify the sender’s email address. Legitimate companies won’t use generic domains like Gmail or Yahoo.
  • Hover over links to preview the URL before clicking. Avoid links that look suspicious or overly complicated.
  • Be cautious of unexpected attachments, even from familiar senders.

2. Protecting Against Viruses

Viruses can cause significant harm, from data theft to system crashes. Implement these measures to reduce your risk:

  • Install a Reliable Antivirus: Ensure you have a reputable antivirus program installed and keep it updated regularly.
  • Enable Firewalls: A firewall acts as a barrier between your network and potential threats. This is especially critical for businesses.
  • Avoid Unverified Downloads: Only download software and files from trusted sources, and scan them for malware before opening.

3. Strengthening Passwords and Authentication

Weak passwords make it easier for hackers to gain access to your accounts. Strengthen your security by:

  • Using complex passwords with a mix of letters, numbers, and symbols.
  • Changing passwords regularly and avoiding reuse across accounts.
  • Enabling two-factor authentication (2FA) for an added layer of protection.

For businesses, CK Computer Solutions offers password management solutions to simplify secure password creation and management for teams.

4. Educating Yourself and Your Team

Many cyber attacks succeed due to human error. Regular training and awareness campaigns can significantly reduce risk.

For individuals: Stay updated on the latest phishing trends and scams.
For businesses: CK Computer Solutions provides tailored cybersecurity training to educate employees about recognising and responding to threats.


5. Backing Up Data Regularly

In the event of an attack, having a recent backup can save you time, money, and stress. Use these best practices:

  • Automate regular backups to ensure all critical data is saved.
  • Store backups securely, both locally and on cloud platforms.
  • Test your backup restoration process periodically to ensure it works when needed.

CK Computer Solutions can assist with automated backup solutions, giving you peace of mind that your data is protected.


6. Using Managed IT Services

For businesses, outsourcing IT management is one of the most effective ways to protect against phishing and viruses. As a trusted MSP in Dublin, CK Computer Solutions can:

  • Monitor your systems 24/7 for unusual activity.
  • Provide advanced threat detection and prevention tools.
  • Ensure compliance with data protection regulations.
  • Respond quickly to any security breaches, minimising downtime and data loss.

7. Keeping Software Updated

Outdated software can be a gateway for cybercriminals. Regular updates patch vulnerabilities and improve security.

  • Enable automatic updates for operating systems and applications.
  • Schedule regular IT reviews to ensure your systems are up-to-date.

CK Computer Solutions helps businesses manage updates seamlessly, ensuring all software is current without disrupting workflows.


8. Acting Quickly in Case of a Breach

If you suspect a phishing attack or virus infection:

  1. Disconnect the affected device from the internet immediately.
  2. Change your passwords and notify your IT team or service provider.
  3. Scan your system with antivirus software to identify and remove threats.

For businesses, having a disaster recovery plan in place is vital. CK Computer Solutions offers customised solutions to ensure a swift recovery from security incidents.


Final Thoughts

Cyber threats like phishing and viruses are constantly evolving, but with the right precautions, you can significantly reduce your risk. Whether you’re securing your personal devices or protecting your business, a proactive approach to cybersecurity is key.

At CK Computer Solutions, we specialise in integrating advanced IT security solutions tailored to your needs. Contact us today to learn how we can help protect your business from online threats.

