⚠️ KCCS SECURITY GUIDE — PLEASE READ & SHARE
🧾

The Vendor Email That Changes Bank Accounts

Business owners: one email saying "we've updated our banking details" can send your next five-figure payment straight to a criminal. It's called business email compromise, and it torches companies.

THE ONE RULE

Verify every payment change BY PHONE at a number you already have.

Not by replying to the email. Not at the number in the email signature, that's the scammer's number. Call your contact at the number already in your records before a single dollar moves to new banking details.

1 How it works

1

A real email account gets compromised

A vendor's (or your own) mailbox is quietly breached, often via phishing. The crook reads invoices and payment threads for weeks, learning names, amounts, and timing.

⬇️
2

The perfectly-timed email arrives

From the real vendor's real address, or one letter off: "Please note our updated banking information for the attached invoice." Same logo, same signature, expected amount.

⬇️
3

Your bookkeeper updates the account

It looks completely routine. The next payment, sometimes tens of thousands, goes to the criminal's account.

⬇️
4

Nobody notices until the vendor calls

"Where's our payment?" By then the money's been moved through mule accounts. Recovery windows are measured in hours, not weeks.

2 Red flags

🚩
ANY email changing payment details, bank accounts, or remittance addresses.
🚩
A sender domain one letter off: acrne-supply.com instead of acme-supply.com.
🚩
New urgency around an otherwise normal invoice, or "please handle discreetly."
🚩
A reply chain that looks real. Crooks forward genuine threads they stole.
🚩
Wire instructions to a bank that doesn't match the vendor's location or history.

3 Protect yourself

Make it policy: no payment detail changes without a phone call to a known number. No exceptions, even for the boss.

Call the vendor using the number in your records or on their real website. Never the one in the email.

Turn on two-factor for company email. Most of these start with one phished mailbox.

Slow your payables down one beat. A 10-minute verification habit beats a $40,000 loss.

Tell your bookkeeper about this scam today. They're the target, and they can't dodge what they've never heard of.

4 Already happened? Do this now

  1. Call your bank NOW and request a wire recall. The first hours decide everything.
  2. Report to ic3.gov (FBI). They can sometimes freeze funds through the Financial Fraud Kill Chain.
  3. Tell the vendor. Their email may still be compromised and hitting other customers.
  4. Have both companies' email audited before resuming normal payments.

📣 Please share this page

Send it to coworkers, family, anyone with a computer. Thirty seconds of reading is real protection.

More free guides: mypueblopc.com/tips

Worried about your business?

KCCS installs, secures, and watches business systems all over Southern Colorado. Get a free assessment — a real engineer walks your site and hands you a written punch list.

Email [email protected]

Or call 719-530-4040 · Response within 2 business hours