This email was trying to exploit a business process: invoice payment. Attackers often impersonate vendors to request wire transfers.
Invoice Phishing Tactics
- Emails claiming to be from a vendor you work with
- Requests to pay invoices via email links
- Claims that banking details have changed
- Urgency around payment ("payment overdue," "late fees")
- Wire transfer requests (hard to reverse)
Red Flags in Invoice Emails
- Slightly different sender email than usual (e.g., acme-accounting@gmail.com vs acme.com)
- Changed banking information without official notice
- Payment requests outside normal processes
- Unfamiliar invoice numbers or amounts
Invoice Safety Process
- Only pay invoices through your known Accounts Payable system
- Verify vendor identity by calling known phone numbers (not email-provided ones)
- If banking details change, verify through a separate communication channel
- Report suspicious vendor emails to {{team}}