Check the fraud signals on a bank account change request before you pay — free risk score and call script.
Check every box that applies to this payment change request.
Does the new account country match where you normally pay this vendor?
Fraudsters often use subtly altered company names. Compare what you expected vs. what appears on the new payment details.
Checks if you've paid this account number before in this browser, and whether the name changed.
Complete the checklist and details on the left, then run checks to see the risk assessment and verification call script.
Business Email Compromise (BEC) — sometimes called vendor payment fraud or invoice fraud — is when a criminal impersonates a supplier, vendor, or colleague and convinces a business to send a payment to a fraudulent bank account instead of the real one. It's one of the costliest forms of cybercrime globally precisely because it doesn't require hacking any systems — just convincing a human to update a bank detail.
Fraudsters typically compromise or spoof a vendor's email account, then send a message — often timed to coincide with a real invoice — claiming the vendor has "changed banks" and providing new account details. Sometimes they register a look-alike domain to make the email address look authentic at a glance. The request often includes urgency: an approaching deadline, a threat of late fees, or pressure to skip normal approval steps.
Business email compromise and authorised push payment (APP) fraud cost UK businesses over £145 million a year, and the FBI's Internet Crime Complaint Center has tracked billions of dollars in BEC losses in the US annually. Unlike card fraud, banks often cannot reverse these payments once sent, because the customer authorised the transfer themselves — the money simply moves to the fraudster's account and is typically withdrawn within hours.
1) The request arrived via a new or unfamiliar contact channel. 2) You haven't independently called the vendor back on a number from your existing records. 3) The message pressures you to act quickly or bypass normal approval. 4) The new account is in a different country than where you've always paid this vendor. 5) The beneficiary name is subtly different from what you have on file — even a one-character difference is a major red flag. The checker above walks through all five automatically.
If you suspect a fraudulent account-change request, do not click reply on the suspicious email or call any number it contains — instead, contact the vendor using a phone number from your own existing records to confirm independently. If you've already sent a payment, contact your bank immediately and ask them to attempt a SWIFT recall or Faster Payments reversal — speed matters enormously, since funds are often withdrawn within hours. Report the incident to your bank's fraud team and, in the UK, to Action Fraud; in the US, to the FBI's IC3. You should also validate the new account's format using our IBAN or IFSC tools as part of your verification process.
Banqcheq validates payment details before money moves.
Free forever. No credit card required.