What is it?

These scams happen when criminals pose as a regular supplier and persuade you to change the bank account details you hold on file. You’re then tricked into sending money to the account which is controlled by a criminal rather than the genuine supplier.

Criminals carry out extensive research about your business to find out who your suppliers are and when regular payments are due. These scams often involve a criminal intercepting emails, gaining access to your supplier’s email account or spoofing their emails.

The fraud is often only discovered when the legitimate supplier of the product or service chases for non-payment. At that point recovery of the funds from the fraudulent account is very difficult.

How to spot an invoice and mandate scam?

  1. You receive a request out of the blue to change the bank details of an existing supplier
  2. You receive more frequent than usual or duplicate invoices for a product or service

Example of an invoice and mandate scam

Ahmed, a finance manager at a marketing agency, received an invoice for £1,350 from a software company to renew the business’s subscription. The email stated that the invoice was 90 days overdue and immediate payment was required to avoid cancellation. The software was business critical.

Ahmed had several deadlines approaching. With several team members away, he was overstretched and working late most days. Without confirming the bank details with the company, he immediately logged onto his business’s online banking and proceeded to pay the outstanding invoice using the account details provided in the email.

A couple of weeks later, Ahmed received another email from the software company requesting payment for the business’s subscription renewal. Confused he then checked the bank statement and could see he’d made the payment.

Ahmed checked the bank details for XY software stated in previous invoices against those he’d made payment to and realised they were different. He had just lost the business £1,350 due to his carelessness.

If you believe you’ve fallen for a scam, contact your bank immediately on a number you know to be correct, such as the one listed on your statement, their website or on the back of your debit or credit card.

Always remember

Confirm supplier bank details directly with suppliers using their established on-file details before any payments are made


Make sure you don’t step outside your usual payment method even if it’s urgent


When paying a supplier for the first time, transfer a small amount first and check payment has been received directly by the company


Where possible, send remittance advices to suppliers once an invoice has been paid


Ensure that all staff who process supplier invoices or can change bank details check for irregularities in supplier details including changes to supplier names and addresses and changes to invoiced amounts


Be careful with the type of information you share online about your business


Check your business’s bank statements carefully. All suspicious debits should be reported to your bank immediately