Hi, I’m really sorry you’re dealing with that. Yes, this sounds like a payment diversion scam, and it’s important to act quickly.

First steps:

1. Contact your bank immediately and ask them to try to stop, recall, or trace the payment.
2. Tell your finance manager or leadership team right away.
3. Stop acting on the email thread and don’t send any more payments using those details.
4. Contact the subcontractor using a trusted phone number you already had, not the one in the suspicious email.
5. Keep copies of the emails, invoice, payment confirmation, and any bank details sent.

If you’d like, I can help you draft a quick internal incident summary next.

Please don’t be too hard on yourself. These scams are designed to look convincing, especially when they copy real suppliers and expected timings.

Because it was only 40 minutes ago, call the bank now if you can. That’s the most time-sensitive step.

Here’s a simple internal summary you can send:

Subject: Urgent: suspected diverted payment to spoofed supplier account

We’ve identified a suspected invoice/payment diversion incident. A payment was processed today following emailed bank detail changes that appeared to come from a known subcontractor. The genuine subcontractor has now confirmed the bank details were not theirs. Bank contact is required urgently to attempt recall/trace of funds. Relevant emails, invoice records, and payment details are being retained for review.

If you want, I can also draft a message for your bank.

Of course, Sarah.

Message for the bank:

Hello, we need urgent assistance regarding a suspected fraudulent payment made today. The payment was sent following emailed bank detail changes that we now believe were sent from a spoofed email impersonating one of our subcontractors. Please treat this as urgent and advise whether the payment can be stopped, recalled, or traced. We can provide payment reference, amount, account details used, and copies of the related emails immediately.

Message for the subcontractor:

Hello, we’ve identified that a payment intended for your invoice may have been sent to incorrect bank details following a fraudulent email impersonating your business. We’re urgently contacting our bank and reviewing the email trail. Please send us your correct bank details through your usual verified contact process, and we’ll keep you updated.

If you’d like, I can help you make the subcontractor message a bit warmer.

Absolutely — here’s a warmer version:

Hello James, we’ve just discovered that a payment intended for your invoice may have been sent to the wrong bank account after we received a fraudulent email that appeared to come from your business. We’re really sorry about this and are treating it urgently. We’ve contacted our bank and are reviewing everything straight away. When you’re able, please send over your correct bank details through our usual verified process, and we’ll keep you updated as we work through this.

You could also add:

We value our working relationship and wanted to let you know as soon as we understood what had happened.

If you want, I can also help you put together a short checklist so this doesn’t happen again.

Definitely. Here’s a simple team checklist you can share:

Bank detail change checklist

• Never change supplier bank details based only on email.
• Always verify changes by calling a trusted number already on file.
• Use a second person approval step for any payment detail changes.
• Be extra cautious if the request creates urgency or mentions an upcoming payment.
• Check the sender email address carefully for small spelling changes.
• Keep a record of who verified the change, when, and how.
• If anything feels off, pause the payment and escalate internally.

You’ve done the right thing by acting quickly, Sarah. I hope the bank can still help recover it.

If you need, I can turn that into a short staff notice from Pokkit’s companion for easy forwarding on WhatsApp or email.