What Is Supplier Impersonation Fraud & How to Spot It?

Criminals are quietly hijacking the trust between businesses and their suppliers, slipping fake invoices and 'updated' bank details into normal payment workflows. By the time anyone notices, the money is gone and unrecoverable. Verifying one phone number could save you six figures.

What Is Supplier Impersonation Fraud & How to Spot It?
Quick Answer
Supplier impersonation fraud happens when criminals pose as a vendor you already trust, then send a real-looking invoice or a request to 'update' the bank details on file. Your accounts team pays as normal, but the money lands in the scammer's account. The single best defense is a callback rule: verify every bank detail change by phone using a number you already have, never the one in the email.

The Invoice That Looked Exactly Right

€180,000 lost in a single rerouted payment

A mid-size manufacturer in Germany received an email in 2024 from a parts supplier they'd worked with for nine years. Same logo, same contact name, same signature block. The message said the supplier had switched banks and asked for the next payment to go to a new account. Nothing felt off. The amount matched an outstanding order. The accounts team updated the record and paid roughly €180,000.

The real supplier never sent it. Criminals had been reading the email thread for weeks after compromising a single inbox, then jumped in at the exact moment a payment was due. By the time the genuine supplier chased the overdue invoice, the money had already been pulled out through a chain of mule accounts.

This kind of attack has become an operational risk for industrial manufacturers. Connected procurement systems and automated invoice processing mean a fake invoice can flow through without a human ever questioning it. The attack works because it rides on a relationship that's real.

💡 Key Insight: The fraud succeeds precisely because everything about it looks legitimate except one bank account number.

How Criminals Climb Inside a Real Conversation

Mule networks can move stolen funds in under 2 hours

This isn't a random spam blast. It's patient and surgical. The typical sequence:

1. **Break in quietly.** Attackers phish login credentials for one email account at either the supplier or your company. Often it's a small supplier with weak security. 2. **Watch and wait.** They set up hidden inbox rules to auto-forward or hide certain messages, then read months of real correspondence to learn names, tone, and payment cycles. 3. **Strike at payment time.** When a genuine invoice is due, they either edit the bank details on the real invoice or send a 'we changed banks' notice from a lookalike domain. Think suppl1er.com instead of supplier.com. 4. **Cash out fast.** The funds move through mule accounts within hours, often crossing borders before any alarm sounds.

The lookalike domain trick is what most people miss. A swapped letter, an added hyphen, a .co instead of .com. Your eye reads what it expects. I've watched finance staff stare at a fake domain for ten seconds and still not catch it, because their brain auto-corrected it to the name they already knew.

💡 Key Insight: Attackers don't fake the relationship, they hijack a genuine one already in progress.

Why Smart People Pay Without Blinking

Most BEC losses involve invoices that matched a real, expected payment

If you think only careless companies fall for this, you're wrong. The victims are usually competent finance teams doing exactly what they're trained to do: process valid invoices quickly.

Three forces line up against you. First, authority and familiarity. The request comes from a known vendor with a real history, so skepticism never switches on. Second, timing. The scam hits when a payment is genuinely expected, so it slots into the workflow instead of standing out. Third, automation. Many manufacturers now run accounts payable through systems that match invoices to purchase orders and pay with minimal human review. A fraudulent invoice with the right reference number sails straight through.

Add plain busyness. An overworked clerk processing 200 invoices a week is not forensically inspecting domain names. The scammers count on that volume.

Here's the hard truth: stronger automation can make you more exposed, not less. It removes the human pause where someone might have asked 'wait, did they really change banks?' Speed is the vulnerability.

💡 Key Insight: Efficiency is the attack surface. The faster you pay, the easier you are to rob.

What To Do Before Your Next Payment Run

A single verification call costs under €1 and can stop a €100k+ loss

You can shut most of this down with process, not expensive software. Do these today:

- **Mandate a callback for any bank detail change.** No exceptions. Call the supplier on a number you already have on file, never the one printed in the new email. This rule blocks the majority of attacks. - **Set a two-person sign-off** for any new or changed payee above a threshold you choose, say €5,000. - **Flag lookalike domains automatically.** Most email platforms (Microsoft 365, Google Workspace) let you tag external senders and warn on newly registered domains. Turn it on. - **Verify the change request is unprompted.** Real banking changes are rare. Treat every one as suspicious until proven otherwise. - **Train staff with actual examples**, not generic 'beware of phishing' slides. Show them suppl1er.com next to supplier.com.

One thing that actually fails: the callback rule only works if people actually do it under deadline pressure. Month-end closing is a crunch. Someone will skip the step unless it's built into the payment system as a hard block that can't be bypassed.

💡 Key Insight: Phone the number you already trust. The whole scam collapses on that one call.

Key Takeaways

🎯Supplier impersonation fraud cost one German manufacturer roughly €180,000 in a single rerouted payment, and the funds were unrecoverable within hours.
📌Attackers compromise one email inbox, read months of real correspondence, then strike at the exact moment a genuine invoice is due.
Automated invoice processing makes you more vulnerable, not less, because it removes the human pause where someone questions a bank change.
🔑Verify every bank detail change by calling a phone number you already have on file, never the number in the email requesting the change.
💎As procurement systems get more automated and AI-generated emails get more convincing, expect this fraud to scale fast across manufacturing supply chains by 2027.

FAQ

Q: How can I tell if a supplier's bank change request is fake?
A: Treat every unprompted bank change as fraudulent until you confirm it by phone using a number already on file, not one from the new email. Real suppliers change banks rarely, so a sudden 'we switched accounts' notice during a payment cycle is a red flag worth a 60-second call.

Q: Isn't this just regular phishing I already know about?
A: It's more dangerous because it comes from inside a real, ongoing conversation with a vendor you trust, not a stranger. The attacker often controls a genuine inbox, so the email passes every instinct check, which is why even experienced finance teams pay without suspicion.

Q: Where do I start if I run a small company with no security team?
A: Start with one written rule today: no bank detail change gets actioned without a verbal callback to a known number. Then turn on external-sender warnings in your email platform, which takes about ten minutes in Microsoft 365 or Google Workspace settings.

Conclusion

Supplier impersonation fraud isn't a far-off threat for big corporations. It's hitting ordinary manufacturers and small businesses right now, and the money rarely comes back. Before your next payment run, write one rule and tell your team: any change to a supplier's bank details requires a phone call to a number you already have, full stop. That single habit costs nothing and stops the most expensive scam most companies will ever face.

  • How Are AI Deepfakes Fooling Bank Security?
    Banks built their fraud detection around human behavior patterns. AI fraudsters have learned to perfectly mimic those patterns. The result: billions lost while security systems wave the transactions through as legitimate.
  • How Are AI Deepfakes Impersonating Real Doctors?
    Scammers are using AI to clone real doctors' faces and voices, then using those deepfakes to sell fake treatments, steal patient data, and drain bank accounts. The technology is cheap, the fakes are convincing, and most people have no idea it's even possible. Here's what you need to know right now.
  • How Are AI Deepfakes Used in Romance Scams?
    Romance scammers are now using real-time AI deepfake video and cloned voices to impersonate attractive strangers — and sometimes even your own family members. The technology costs less than $20/month and is shockingly convincing. Here's what the attack looks like and how to protect yourself today.