Focused guide

Business Email Compromise on WhatsApp

Attackers extend business email compromise onto WhatsApp, impersonating colleagues or suppliers to push urgent payment instructions through personal messaging.

Part of: Business Email Compromise (BEC)

Last reviewed: 1 June 2026

Business email compromise increasingly spills over onto WhatsApp, where a message from a supposed colleague or supplier feels direct and personal. After or alongside an email approach, the attacker uses chat to reinforce a fraudulent payment request and apply pressure outside formal channels.

The mobile, informal nature of WhatsApp removes many of the cues finance staff rely on. A request that would face scrutiny as a formal email can feel routine as a quick message, especially when paired with a recognisable name and a plausible reason for using chat.

How this scam works on WhatsApp

The attacker contacts a finance or operations employee on WhatsApp posing as a colleague, executive, or supplier contact, often citing a reason such as travel or a new phone. They may reference a real project or invoice to appear genuine.

The request follows the BEC pattern: an urgent transfer, a change of payment details, or sensitive information, framed as time-critical and best handled quickly and quietly. The chat format isolates the target and pressures an immediate response.

If the employee complies, the funds reach a criminal-controlled account. Because the request arrived through informal messaging, it may avoid the checks applied to formal requests until the loss is later uncovered.

Common red flags

A WhatsApp message from a new number claiming to be a colleague or supplier
An urgent payment or bank-detail change requested through chat
A reason given for using WhatsApp instead of normal channels
Reference to a real project or invoice to build credibility
Pressure to act immediately and confidentially
Instructions that bypass standard payment-approval steps

How to protect yourself

Verify any payment request by phone on a known, saved number
Treat financial requests received via WhatsApp as unverified
Apply dual authorisation to transfers regardless of channel
Confirm bank-detail changes through an independent, known contact
Remind staff that colleagues and suppliers can be impersonated in chat
Keep payment approvals within official, auditable systems

How to report it

Report the number using WhatsApp's in-app reporting tools
Notify your bank immediately if a payment was made
File a report with your national cybercrime or fraud centre

Frequently asked questions

A supplier messaged our finance team on WhatsApp asking to change payment details. Is it safe?

Not on the message alone. Anyone can set up a number and use a familiar name. Verify the request by calling a known supplier or colleague contact on a saved number, and apply your normal payment-approval checks before acting.

How this scam works on WhatsApp

Common red flags

A WhatsApp message from a new number claiming to be a colleague or supplier

An urgent payment or bank-detail change requested through chat

A reason given for using WhatsApp instead of normal channels

Reference to a real project or invoice to build credibility

Pressure to act immediately and confidentially

Instructions that bypass standard payment-approval steps

How to protect yourself

Verify any payment request by phone on a known, saved number

Treat financial requests received via WhatsApp as unverified

Apply dual authorisation to transfers regardless of channel

Confirm bank-detail changes through an independent, known contact

Remind staff that colleagues and suppliers can be impersonated in chat

Keep payment approvals within official, auditable systems

Frequently asked questions

A supplier messaged our finance team on WhatsApp asking to change payment details. Is it safe?