Payment diversion fraud — sometimes called invoice fraud or business email compromise — occurs when criminals intercept communications between your business and a supplier, lender, or client, then redirect payments to an account they control. It is among the most financially damaging frauds affecting UK limited companies.
How the attack typically unfolds
A fraudster monitors your email — often after compromising one mailbox — and identifies an expected payment. They then send a message appearing to come from the legitimate party (or from you, to your own finance team) stating that bank details have changed. The payment is made to the fraudster's account, and the loss is often difficult to recover.
Indicators your business may be targeted
- Unexpected emails from a supplier or lender informing you of changed payment details
- Email addresses that look almost right but contain small differences: a character substitution, an extra letter, or a different domain suffix
- Unusual urgency — requests to make a payment outside your normal cycle or before a deadline that did not previously exist
- A phone number in the email that, when called, connects you to the fraudster rather than the genuine party
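The look-alike address indicator above can be checked automatically. The following Python code is an added example, not part of the original guidance: it compares a sender's domain with a list of known supplier domains and reports whether it shows a character substitution, an extra or changed letter, or a different suffix. The domains and addresses are constructed sample values, and treating the first label of the domain as the organisation name is a simplifying assumption.

```python
# Added example: classify a sender domain against known supplier domains.
# All domains and addresses here are constructed sample values.
KNOWN_DOMAINS = {"acme-supplies.co.uk", "northbank-lending.co.uk"}

# Common single-character look-alikes, folded to the letter they imitate.
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def fold(label):
    """Collapse look-alike characters ('rn' reads as 'm', '1' as 'l', ...)."""
    return label.replace("rn", "m").translate(LOOKALIKES)


def edit_distance(a, b):
    """Levenshtein distance: inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(address, known=KNOWN_DOMAINS):
    """Return (verdict, known domain it resembles or None)."""
    domain = address.rsplit("@", 1)[-1].strip().lower().rstrip(".")
    if domain in known:
        return ("match", domain)
    # Assumption: the first label is the organisation name (no subdomains).
    name = domain.partition(".")[0]
    for good in sorted(known):
        good_name = good.partition(".")[0]
        if name == good_name:
            return ("different-suffix", good)
        if fold(name) == fold(good_name):
            return ("character-substitution", good)
        if edit_distance(name, good_name) == 1:
            return ("extra-or-changed-letter", good)
    return ("unknown", None)


if __name__ == "__main__":
    for sender in ("accounts@acme-supplies.co.uk", "accounts@acme-supplies.com",
                   "accounts@acrne-supplies.co.uk", "accounts@acme-suppliess.co.uk"):
        print(sender, classify_sender(sender))
```

A verdict naming a known domain without being a match means the address imitates a party you already deal with, so the message should not be acted on until the sender is verified by phone on an independently sourced number.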
Preventive controls
Implement a mandatory call-back policy: any changed payment details must be verified by calling the supplier or lender on a number sourced independently — from their official website or your existing records — before any funds move. For high-value transactions, require a second authoriser. Train all staff involved in payments to follow this process without exception, including for apparently urgent requests from senior figures within your own business.
We lend only to UK limited companies and LLPs, and the loan is to the company with no director personal guarantee. As business finance outside the consumer-credit regime, it is not covered by the Financial Ombudsman Service or FSCS.