Vendor Invoice Fraud — Fake Supplier Payment Request

How This Attack Works

Attackers impersonate a trusted supplier, contractor, or service provider by spoofing or compromising vendor email accounts. They send updated banking details or a fraudulent invoice and request payment to a new account. Accounts payable staff process the payment through normal channels before discovering the vendor's bank details were changed by a criminal.

Red Flags to Watch For

• ✗
  Vendor requests a banking detail change via email alone with no phone confirmation
• ✗
  New bank account is in a different country or state from the established vendor relationship
• ✗
  Invoice formatting, font, or logo differs subtly from historical invoices
• ✗
  Sender email has an extra character, dot, or hyphen compared to the genuine vendor domain
• ✗
  Payment is marked as urgent with a tight deadline — unusual for a routine vendor invoice
• ✗
  Vendor cannot be reached at their established phone number to confirm the change

Known Malicious Domains

These domains have been associated with this attack. Never click links going to these addresses.

• vendor-invoice-update.comMALICIOUS
• supplier-payment-portal.netMALICIOUS
• accounts-payable-request.comMALICIOUS
• invoice-remit-now.netMALICIOUS

Glance automatically blocks emails from domains on this list. Domain list is not exhaustive — attackers register new domains continuously.