Try this first
- 1Pause before paying. Call the vendor on the number already in your records, not the one in the email or signature. Ask whether the IBAN change is real.
- 2Check the sender for small deviations: extra letter, different TLD, IDN tricks like a Cyrillic 'a'. If you have an external-sender banner, check it is set.
- 3Inspect the mail headers in Defender for Office or via Show original. Watch for compauth=fail, dmarc=fail, or a Reply-To that differs from the From.
- 4Agree on a hard rule with finance: every IBAN change requires a callback confirmation plus an internal mail confirmation from the finance lead. No exceptions, not even when it is urgent.
- 5If a real phish was involved, check whether other vendors 'changed' details in the same period. BEC crews often work through a full vendor list.
When to bring us in
If the payment has already gone out, call your own bank immediately and request a recall. The faster the call, the better the odds the money has not been moved on. Then police and cyber insurance.
See also
- I think I clicked a phishing linkNo shame, happens to everyone. The next fifteen minutes matter.
- A colleague's account is acting strangelySending mail in their name, rules hiding folders, unusual sign-ins. Suspicious.
- Lost the MFA app: new phone, no backup codesClassic problem after a phone upgrade. You are not the first to be locked out.
None of the above fits?
Describe your situation below. We pass your input plus the steps you already saw to our AI and return tailored next-step advice. If it's too risky to DIY, we'll say so.
Or skip the DIY entirely
Our Managed IT clients do not look these things up. One point of contact, a fixed monthly price, resolved within working hours.