Invoice Redirection Scams via LinkedIn
Fraudsters use LinkedIn to research payment decision-makers and craft targeted invoice-diversion attacks, often combining LinkedIn intelligence with email-based execution.
Part of: Invoice Redirection Fraud
Last reviewed: 1 June 2026
LinkedIn is a reconnaissance goldmine for invoice redirection attackers. Fraudsters identify finance directors, accounts payable managers, and their suppliers through company pages and employee listings — gathering the relationship maps and job titles needed to make impersonation emails credible.
While the actual redirection typically executes over email, LinkedIn plays a critical enabling role by giving attackers the context to craft authoritative, personalised messages. In some cases, LinkedIn messages are also used directly to initiate or reinforce fraudulent payment instructions.
How this scam works on LinkedIn
An attacker identifies a target company's finance team and their regular suppliers via LinkedIn. They then send an email — or occasionally a LinkedIn message — impersonating the supplier's account manager with 'updated' payment details ahead of the next invoice.
In direct LinkedIn attacks, a connection request is sent from a profile mirroring a known supplier employee. After acceptance, a message claims the company's banking details have changed and requests that the payment details be updated before the upcoming payment run.
LinkedIn is also used to identify the names of executives and their assistants, which lets attackers send more targeted CEO fraud emails that reference the correct names and reporting lines, greatly increasing credibility.
Common red flags
- LinkedIn connection from someone appearing to be at a known supplier, followed immediately by a banking change request
- Message claims that the supplier's finance team has been restructured and new bank details apply
- Sender profile was recently created or has limited mutual connections
- Request to update payment details comes outside the normal invoicing cycle
- Any change to payment instructions arrives via social media rather than formal business channels
How to protect yourself
- Establish a policy that banking detail changes require verbal confirmation using a known contact number, regardless of the channel used to notify you
- Treat LinkedIn connection requests from supplier employees you do not know with caution, especially near payment dates
- Limit publicly visible financial decision-maker information on company LinkedIn pages
- Include invoice fraud awareness in onboarding for all finance team members
- Never update supplier payment details based solely on a LinkedIn message
- Review new connection requests from people claiming to work at existing suppliers before accepting
How to report it
- Report the fraudulent LinkedIn profile using the profile's 'Report' option
- Notify your legitimate supplier contact immediately so they can warn their own network
- Report any completed fraudulent payment to your bank and national fraud authority
Frequently asked questions
Should we make our finance team's LinkedIn profiles private?
Reducing public visibility of accounts payable staff names and their reporting relationships limits attackers' reconnaissance capability without materially harming business development. Work with HR to set sensible defaults.