How a Simple Email Change Sent Payment to a Criminal

This scam works because it looks boring.

A vendor emails saying their bank details changed. The message looks like previous emails. Same logo. Same tone. Same signature.

Someone updates the payment info and sends money.

The real vendor never receives it.

How This Happens

Attackers often don’t break systems — they sneak into email accounts.

They watch conversations quietly for weeks, waiting for invoices or payment timing.

Then they send one message at exactly the right moment.

Why Businesses Miss It

Email feels personal and trustworthy.

But email wasn’t designed to prove identity. Anyone can make a message look convincing.

The Simple Fix

Smart businesses use a second confirmation step:

Call a known phone number

Verify changes outside email

Require two approvals for payment changes

This tiny process prevents huge losses.

Security isn’t only about technology. Sometimes it’s about slowing down a process that feels routine.