Perhaps one of the most significant and damaging types of cyber incidents doesn’t involve ransomware, malware, or services going offline because a datacenter had a configuration mishap. It begins with an ordinary email.
It’s not been heavily featured in the press recently, but there is an ongoing risk of supplier-orientated attacks, where the vendor you engage with has been compromised and is asking for some action from you or your team. This often arrives as a request to make an urgent payment or an invoice arriving in your inbox with one small (yet critical) change, e.g., different bank details.
In these cases, everything normally looks fine and feels right as it’s the same email chain you’ve been using for the last few years. They’ve even signed off with the same cheeky quip at the end that they regularly include.
Fortunately, the encouraging part is that most invoice fraud is preventable if you stick to a structured game plan. Apologies for another checklist, but these actions will become normal once they’re part of your routine.
Take a breath when exchanging money.
When settling any bill or order, pause for a moment and ask yourself: does this make sense? Any email that involves payments, amended bank details, or unusual urgency deserves a pause. If you are being rushed, asked to bypass normal processes, or asked to keep things confidential, that should set off your red-flag radar; a short pause costs nothing.
Be thorough – check details.
If your vendor is compromised, many of your routine red flags would not be there, e.g., strange email addresses or a different tone in the message. However, if anything changes, even if the change is subtle or comes from a valid source, mark it as high risk and treat it as such.
Verify, check, and verify again.
Very importantly, engage with your supplier via a different channel. Call them using your contact's mobile number, or use the telephone number from their website, and only speak to your account manager. After all, the attackers could have modified the telephone number on the website and may also be impersonating them on the phone!
Use the buddy system.
The burden of cyber responsibility in 2026 now needs to be shared across the entire team, and we all need to help where we can, including being part of the process that identifies issues. If you've flagged something, ask a colleague for support. Most large losses I've reviewed happened when one person was isolated, was pushed into doing something in a rush, or was under pressure from a more senior person to get something done. These can all be mitigated with reasonable control and discipline.
Build the habit
The key aim of invoice fraud isn't to exploit technology systems; it is to subvert them by compromising humans. That's why the best defense isn't complicated software, but simple, repeatable habits.
Pause, check, verify, buddy up.
Sixty seconds of care is often all it takes to stop a mistake that could take months to recover from.
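The four habits above can also be written down as a payment triage rule, so that the pause is enforced before anyone types in a sort code. The script below is an added example, not tooling from the original post or from the author's company: it compares the bank details on an incoming invoice against the vendor record you already hold, and scans the covering message for the pressure signals the checklist names (urgency, confidentiality, bypassing normal process). Any mismatch or pressure signal results in a HOLD with the reasons listed, so the invoice is verified over an independent channel rather than paid. The vendor master, the phrase lists and the sample invoices are all constructed for illustration.

```python
"""Invoice payment triage (added example, constructed data).

Rule: hold any invoice whose bank details differ from the vendor record on
file, or whose message pushes urgency, secrecy or a process bypass. A HOLD
means "verify via a channel you already trust", never "reply to the email".
"""
from dataclasses import dataclass, field
import re

# Constructed vendor master: the bank details and phone number you already
# hold for each supplier, recorded before any invoice arrives.
VENDOR_MASTER = {
    "acme-ltd": {
        "sort_code": "12-34-56",
        "account": "12345678",
        "contact_phone": "+44 20 0000 0000",  # placeholder number
    },
}

# Pressure signals from the checklist: rushed, asked to keep quiet, or asked
# to skip the usual process. Constructed phrase lists; extend to taste.
PRESSURE_PATTERNS = {
    "urgency": r"\b(urgent|immediately|today|asap|right away|before close of business)\b",
    "confidentiality": r"\b(confidential|keep this between us|do not (?:tell|mention|discuss))\b",
    "bypass": r"\b(skip|bypass|no need for) (?:the )?(?:usual|normal|standard) (?:process(?:es)?|approval|checks?)\b",
}


@dataclass
class Invoice:
    vendor_id: str
    sort_code: str
    account: str
    body: str  # text of the covering email


@dataclass
class Decision:
    action: str  # "PAY" or "HOLD"
    reasons: list = field(default_factory=list)
    next_step: str = ""


def normalise(value: str) -> str:
    """Strip spaces and dashes so '12-34-56' and '123456' compare equal."""
    return re.sub(r"[\s-]", "", value)


def triage(invoice: Invoice, master=VENDOR_MASTER) -> Decision:
    """Return PAY only when the details match the record on file and the
    message carries no pressure language; otherwise HOLD with reasons."""
    reasons = []
    record = master.get(invoice.vendor_id)
    if record is None:
        reasons.append("unknown vendor: no record on file to compare against")
    elif (normalise(record["sort_code"]) != normalise(invoice.sort_code)
          or normalise(record["account"]) != normalise(invoice.account)):
        # A changed account is high risk even when the email thread, sender
        # address and tone all look like the real supplier.
        reasons.append("bank details differ from the vendor record on file")

    text = invoice.body.lower()
    for name, pattern in PRESSURE_PATTERNS.items():
        if re.search(pattern, text):
            reasons.append(f"{name} language in message")

    if not reasons:
        return Decision("PAY", [], "proceed through the normal approval flow")
    phone = record["contact_phone"] if record else "a number from your own records"
    return Decision(
        "HOLD",
        reasons,
        f"call the supplier on {phone} (not a number from the email) and ask a colleague to review",
    )


if __name__ == "__main__":
    sample = Invoice(
        "acme-ltd", "12-34-56", "87654321",
        "Urgent: we have updated our bank details, please pay today.",
    )
    decision = triage(sample)
    print(decision.action)
    for reason in decision.reasons:
        print(" -", reason)
    print("Next step:", decision.next_step)
```

The important design choice is that a changed account number alone is enough for a HOLD: the check does not depend on spotting a spoofed address or an odd tone, which is exactly what a compromised vendor mailbox will not give you. The pressure-phrase scan is a secondary signal and will miss wording it has not seen, so it should never be the only gate.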
Environment controls
The steps listed above are a quick and simple crash course on how you (and your teams) can help prevent malicious compromise. However, they are only part of the picture. Protecting your core platforms such as Microsoft 365 is critical and can often prevent the team from becoming a victim of a cyber threat.
Our cybersecurity services help make these habits easier to sustain and less reliant on luck or how you're feeling on any given day.
We focus on keeping the underlying cyber controls in your Microsoft 365 environment correctly configured and maintained over time. That includes:
- Visibility over email threats,
- Identity protection,
- Reporting capability,
- Regular insight into how your security posture is holding up as the threat landscape changes.
In practice, that means fewer gaps, clearer signals when something is wrong, and support when you need a second view. Good user judgement will always matter, but it works far better when it sits on top of well‑looked‑after security foundations.
For those looking to get started or refresh your current posture, please get in touch and we can talk you through how we can help you maintain productivity, reduce risk, and manage your costs.
Thank you for being part of the community. Here’s to a safe, successful, and secure year ahead.
If you have any questions or we can help with anything, please feel free to reach out.
Jordan Gall

