Fake Wise Business Payment Redirect Scam
Criminals intercept or impersonate business email communications and instruct suppliers or clients to update their payment destination to a fraudulent Wise account, diverting legitimate B2B payments to the attacker while appearing to come from the legitimate business.
Part of: Invoice Redirection Fraud
Last reviewed: 7 June 2026
Wise Business accounts are widely used for cross-border supplier and freelancer payments. Their multi-currency account details — which include local bank-style account numbers in various countries — make them indistinguishable from a traditional bank account to a payer. This is an operational strength that criminals have learned to weaponise in invoice-redirection fraud.
In this scam, the attacker either compromises the email account of a business using Wise, or spoofs its email domain well enough to deceive the recipient. They then send an email to the business's customers or suppliers explaining that banking details have changed and that future payments should be directed to a new account — which is, in fact, a Wise account under the fraudster's control.
Because Wise account details look like standard local bank accounts (a sort code and account number in the UK, a routing number and account number in the US), the payer sees no obvious reason to distrust them. Payments made to the fraudster's Wise account are typically spent or withdrawn before the fraud is discovered, which may be weeks later when the legitimate business chases overdue invoices.
How this scam works on the Wise brand
Legitimate Wise account details remain stable — they do not change unless a business actively updates them. Any email announcing a sudden change in payment details should be treated with heightened suspicion, particularly if it requests immediate action or provides a tight deadline for updating records.
Real Wise Business accounts send payment instructions from verified email addresses and often include them on signed PDF invoices. The fraudulent version arrives from an email that mimics the legitimate company domain (e.g. [email protected] instead of [email protected] — note the hyphenated variant).
The financial impact of this fraud falls on both the payer (who loses the payment amount) and the payee (who does not receive payment for goods or services rendered). It often strains business relationships and can be difficult to recover from, since both parties may blame each other initially.
Common red flags
- Email announcing a change to existing payment banking details — especially under urgency
- Sender domain is slightly different from the usual business email address
- Account details changed from a familiar bank to an unfamiliar provider or a Wise 'local' account
- The email requests updates to payment details for outstanding or upcoming invoices immediately
- A new contact person is introduced alongside the banking change, without prior introduction
- The email is sent outside of normal business hours or during periods when the business is known to be busy
- Any follow-up call 'confirming' the change that cannot be verified through an established contact number
How to protect yourself
- Verify any payment-detail change by calling the supplier or client at a previously confirmed phone number — not the one in the email
- Implement a dual-authorisation rule for any change to supplier bank details
- Do not treat any email requesting a payment-detail update as sufficient authorisation on its own
- Check sender domains carefully for typosquatting variants of familiar addresses
- Use a secure digital signature or verified payment portal for invoices where possible
- Brief accounts-payable staff on invoice-redirection fraud regularly
- If you use Wise Business, regularly review your account's listed details to ensure no unauthorised changes
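The sender-domain check from the list above can be automated for an accounts-payable mailbox. The following is an added example, not code from the original page; the supplier domains, function names and distance threshold are assumptions, and it compares whole domains rather than registrable domains.

```python
import re

# Constructed list of supplier domains already on file (assumption).
KNOWN_SUPPLIER_DOMAINS = {"acme-supplies.example", "northwind.example"}

def sender_domain(from_header):
    """Return the lowercase domain of the address in a From header, or None."""
    match = re.search(r"@([A-Za-z0-9.-]+)", from_header)
    return match.group(1).lower().rstrip(".") if match else None

def skeleton(domain):
    """Drop hyphens and fold digit look-alikes so close variants compare equal."""
    return domain.replace("-", "").translate(str.maketrans("01", "ol"))

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(from_header, known=KNOWN_SUPPLIER_DOMAINS, max_distance=2):
    """Return (verdict, matched_domain): 'known', 'lookalike' or 'unknown'."""
    domain = sender_domain(from_header)
    if domain is None:
        return ("unknown", None)
    if domain in known:
        return ("known", domain)
    # A domain that is not on file but sits very close to one that is
    # (hyphen added or removed, a character swapped) is the typosquat case.
    for candidate in sorted(known):
        if (skeleton(domain) == skeleton(candidate)
                or edit_distance(domain, candidate) <= max_distance):
            return ("lookalike", candidate)
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed From headers, not taken from the page.
    for header in ["Accounts <billing@northwind.example>",
                   "Accounts <billing@north-wind.example>",
                   "AP <ap@acmesupplies.example>",
                   "Sales <hello@unrelated.example>"]:
        print(header, "->", classify_sender(header))
```

A "lookalike" verdict on a message that also asks for a change of bank details is the case to hold for call-back verification; short domains may need a lower distance threshold to avoid false matches.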
How to report it
- Report to Wise through in-app chat at wise.com/help and notify them of the fraudulent account
- Report in the UK to Action Fraud at actionfraud.police.uk and the FCA at fca.org.uk
- In the US, report to the FBI's IC3 at ic3.gov and your bank's fraud team
- Notify the legitimate business whose identity was used — they may also be a victim and unaware
- File a complaint with the FTC at reportfraud.ftc.gov
Frequently asked questions
Why would a fraudster use a Wise account for invoice redirection?
Wise accounts provide local bank account details in multiple currencies that are indistinguishable from traditional bank accounts to a payer. They can be opened remotely with relatively simple verification, making them attractive for fraud before Wise's own fraud-detection systems flag them.
Can I recover a misdirected payment sent to a Wise account?
Report to Wise immediately through in-app chat. Wise co-operates with law-enforcement investigations and may be able to freeze a fraudulent account. Recovery is not guaranteed, especially if funds have already been withdrawn. Report as quickly as possible.
How can a business prevent its email from being spoofed?
Implement DMARC, DKIM, and SPF email authentication on your domain. This does not prevent all spoofing, but it makes it harder for attackers to send convincing fakes from your exact domain. Educate your clients to verify payment changes by phone.
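A published DMARC record only helps if its policy is enforced. The following added example (not from the original page) audits the text of a DMARC TXT record and reports weak settings; the finding codes, function names and sample records are constructed for illustration.

```python
def parse_dmarc(txt):
    """Parse a DMARC TXT record into a tag dict; None if it is not DMARC."""
    tags = {}
    for part in txt.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    return tags if tags.get("v") == "DMARC1" else None

def audit_dmarc(txt):
    """Return a list of finding codes; an empty list means nothing was flagged."""
    tags = parse_dmarc(txt or "")
    if tags is None:
        return ["no-dmarc-record"]
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        return ["invalid-policy"]
    findings = []
    if policy == "none":
        # Monitoring only: mail failing DMARC for the exact domain is still delivered.
        findings.append("policy-none")
    # sp (subdomain policy) defaults to p when absent.
    if policy != "none" and tags.get("sp", policy).lower() == "none":
        findings.append("subdomain-policy-none")
    # pct defaults to 100; anything lower applies the policy to a sample only.
    pct = tags.get("pct", "100")
    if not pct.isdigit() or int(pct) < 100:
        findings.append("partial-enforcement")
    if "rua" not in tags:
        # Without aggregate reports the domain owner never sees spoofing attempts.
        findings.append("no-aggregate-reports")
    return findings

# Constructed sample records for a hypothetical supplier.example domain.
WEAK = "v=DMARC1; p=none"
PARTIAL = "v=DMARC1; p=quarantine; sp=none; pct=25; rua=mailto:dmarc@supplier.example"
STRONG = "v=DMARC1; p=reject; rua=mailto:dmarc@supplier.example; adkim=s; aspf=s"

if __name__ == "__main__":
    for name, record in [("weak", WEAK), ("partial", PARTIAL), ("strong", STRONG)]:
        print(name, audit_dmarc(record))
```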