Suspicious invoice email or "payment request" from a supplier
Classic: a mail that looks like a real invoice, with a new bank number or an urgent tone. Almost always phishing.
Try this first
- 1Do not click links or buttons. Open the supplier portal directly via a bookmark you already had, or by Googling the real supplier name.
- 2Call the supplier on a number you already knew (old invoice, contract, official site). Not the number in the suspect mail.
- 3Inspect the sender domain literally: "supplier.com" vs "supplier-pay.com" or "supplier.nl-pay.com" are typical phish forms.
- 4Caution: phishers sometimes use a genuinely-hacked supplier account. Still doubt? Call.
When to bring us in
Already paid or entered credentials? Call your bank first and then us. The first 24 hours are critical for recovery.
See also
- Our emails land in spam for some recipientsAlmost always an SPF, DKIM, or DMARC setting that is wrong or missing, or a sender name that mimics a well-known brand.
- Someone reports receiving phishing emails "from us"Read: spoofing. Someone is abusing your sender name, not necessarily your actual mailbox.
- An email bounces (NDR): delivery failedThe NDR text usually states the exact reason. Reading it is step one.
None of the above fits?
Describe your situation below. We pass your input plus the steps you already saw to our AI and return tailored next-step advice. If it's too risky to DIY, we'll say so.
Or skip the DIY entirely
Our Managed IT clients do not look these things up. One point of contact, a fixed monthly price, resolved within working hours.