Invoice Redirection on Slack
Fraudsters impersonate a supplier in Slack to announce new banking details, diverting genuine invoice payments to an account they control.
Part of: Invoice Redirection Fraud
Last reviewed: 1 June 2026
When suppliers and customers share Slack channels or connect workspaces, invoice redirection can be delivered as a chat message. A request to update banking details under a familiar supplier name can pass for normal collaboration in a space staff already trust.
The casual pace of Slack reduces the verification a formal bank-change request would prompt. A compromised supplier account or an external connection using a recognisable name can announce new payment details that staff act on without confirming them independently.
How this scam works on Slack
The attacker, through a compromised supplier account or a connected workspace, messages finance or project staff in Slack stating that the supplier has changed banks. They reference a real invoice or order to seem genuine.
They provide new account details and ask that the next payment use them, presenting the change as routine. The direct-message or channel context discourages formal verification, and the familiar identity lowers suspicion of the new details.
When the customer pays to the new account, the money reaches the criminal. The diversion usually surfaces only when the genuine supplier reports the payment missing.
Common red flags
- A supplier announcing a bank-detail change through Slack
- A connected or external account using a known supplier name
- A change request citing a real invoice to build trust
- New banking details supplied only in chat
- Pressure to redirect an upcoming payment
- Avoidance of a phone call to confirm the change
How to protect yourself
- Verify any bank-detail change by phone with a known supplier contact
- Never action banking changes from a Slack message alone
- Require dual authorisation for changes to supplier records
- Identify and limit connected external workspaces and guests
- Confirm the first payment to a new account before continuing
- Keep banking-change processes in audited, official systems
How to report it
- Report the suspicious account to your workspace administrator
- Notify your bank and the genuine supplier without delay
- File a report with your national cybercrime or fraud authority
Frequently asked questions
A supplier wants to change bank details via Slack. Is that acceptable?
Not on the message alone. A compromised supplier account or external connection can post such a request under a trusted name. Confirm the change by phone with a known supplier contact before updating banking records.