Invoice & Payment-Redirection Fraud Defence
Stop scammers redirecting your payments by making "verify before you pay" a non-negotiable habit - especially when bank details change.
When to use
Any time a supplier's or contractor's bank details change, an invoice looks slightly off, someone urgently asks you to pay or update payee details, or you fear "we may have paid a scammer". This scam is often called business email compromise (BEC) or payment redirection.
Steps
1. Treat any change of bank account details as a red flag - it's the number-one sign of payment-redirection fraud. 2. Verify by phoning the supplier on a number you already trust (from a past invoice, the signed contract, or their official website) - never the phone number or reply address on the new invoice or email. 3. Set a call-back rule: confirm all new or changed payee details by voice, and re-verify any payment above a dollar threshold your business chooses. 4. Require two people to approve payments (dual authorisation) for new payees and larger amounts. 5. Be suspicious of urgency and secrecy - "pay today", "I'm in a meeting", "keep this between us" are pressure tactics. 6. Check the sender's email address character by character; look-alike domains (for example .co instead of .com.au) are common. 7. If a payment has already gone out, contact your bank immediately to try to recall the funds, then report to your bank's fraud team, ReportCyber (cyber.gov.au/report) and Scamwatch (scamwatch.gov.au).
When to call a professional
Call your bank straight away for any funds recall, and your IT provider or MSP to check whether an email account was compromised or hidden mailbox forwarding rules were quietly added.
ACSC reference: Aligns with ACSC guidance on business email compromise and protecting your business from scams (cyber.gov.au/smallbusiness).
Want your agent to fetch skills itself? The Academy MCP serves this whole library.
Connect via MCP