Scam Radar

How can you recognize Supplier account takeover — email from supplier's real mailbox?

Published

TLDR

Scammer compromises your supplier's email mailbox (phishing/credential stuffing) and from there sends an invoice/payment request with a changed IBAN. The email ACTUALLY comes from the supplier (correct domain, authentic headers,...

How it works

Scammer compromises your supplier's email mailbox (phishing/credential stuffing) and from there sends an invoice/payment request with a changed IBAN. The email ACTUALLY comes from the supplier (correct domain, authentic headers,...

Red flags

  • Urgent pressure to click, pay, or share codes immediately.
  • A link or sender that does not match the official organization.
  • Requests for card data, passwords, OTPs, wallet signatures, or bank transfers.

What to do

  1. 1WHAT TO DO: ALWAYS phone verification with the supplier at the known number.

Source

NCSC-Switzerland

Source reviewed by Mythos Forensic Team

https://www.ncsc.admin.ch/

FAQ

Is Supplier account takeover — email from supplier's real mailbox a real scam pattern?

Yes. Treat the message, call, or payment request as suspicious until you verify it through an official channel.

What are the first warning signs?

Urgent pressure to click, pay, or share codes immediately.; A link or sender that does not match the official organization.; Requests for card data, passwords, OTPs, wallet signatures, or bank transfers.

What should I do first?

WHAT TO DO: ALWAYS phone verification with the supplier at the known number.

Can LegalAudit check my case?

Yes. Start a free chat and paste the message, link, sender, or payment details for triage.