Invoice Redirection Scams on Telegram
Fraudsters use Telegram to impersonate supplier contacts and announce banking detail changes, diverting business payments to criminal accounts.
Part of: Invoice Redirection Fraud
Last reviewed: 1 June 2026
As Telegram gains adoption in B2B communication, particularly in import/export, construction, and commodity trading communities, it has become a viable channel for invoice redirection fraud. A message from what appears to be a familiar supplier contact announcing changed banking details blends naturally into ongoing Telegram business conversations.
The informal norms of Telegram communication may lead recipients to act quickly without applying the verification procedures they would use for formal email-based banking change notices.
How this scam works on Telegram
An attacker obtains the Telegram handle or phone number of a business's accounts payable contact through LinkedIn, industry groups, or a data breach. They send a Telegram message impersonating a known supplier, explaining that banking details have changed and requesting that the new account be used for the next payment.
The message may include the supplier's company logo shared as an image, forged payment confirmation screenshots, or references to specific invoice numbers to appear credible. Any payment made to the fraudulent account is quickly moved on to further accounts or converted to cryptocurrency before the fraud is detected.
Some operators combine a Telegram banking change notice with a follow-up call posing as the supplier's accounts manager, providing a second apparent confirmation to overcome any hesitation from the finance team.
Common red flags
- Telegram message from a supplier contact announcing changed banking details outside normal correspondence
- Message references specific invoice details sourced from reconnaissance, lending false credibility
- New account details are in a different country or bank from the supplier's usual arrangement
- Message asks for the change to be processed before the upcoming payment run
- Supplier is unreachable on their usual Telegram handle or phone number when you attempt to verify
- Message includes a company logo or official-looking imagery to increase apparent authority
How to protect yourself
- Verify all banking change requests — including those received via Telegram — by calling the supplier's main switchboard on a number from your existing records
- Establish a written policy that banking changes require dual-channel confirmation (Telegram plus phone or email)
- Never action a banking change based solely on a Telegram message from a contact you cannot independently verify
- Brief finance teams that Telegram-based banking change requests are an emerging fraud pattern
- Update supplier banking details only after a documented, verified confirmation process
- Implement dual-authorisation on payments to changed or new accounts
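The controls above can be enforced as a gate on the payment run. The following is an added example, not part of the original page: a Python check that holds any payment to an account differing from the supplier record unless the change was confirmed on a second channel, using a contact already on file, and signed off by two different people. The record layout, field names, and sample data are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class BankChange:                 # hypothetical record of one change request
    request_channel: str          # where the notice arrived, e.g. "telegram"
    verify_channel: str = ""      # channel used to confirm it ("" = never confirmed)
    verify_contact: str = ""      # number or address actually contacted
    verified_by: str = ""
    approved_by: str = ""

def hold_reasons(supplier, change, contacts_on_record):
    """Reasons a changed account must not be paid yet; empty list means release."""
    if change is None:
        return ["account differs from records and no change request is logged"]
    reasons = []
    if not change.verify_channel:
        reasons.append("no independent confirmation")
    else:
        if change.verify_channel == change.request_channel:
            reasons.append("confirmed on the channel the request arrived on")
        if change.verify_contact not in contacts_on_record.get(supplier, set()):
            reasons.append("confirmation contact is not from existing records")
    if not (change.verified_by and change.approved_by):
        reasons.append("verifier or approver missing")
    elif change.verified_by == change.approved_by:
        reasons.append("verifier and approver are the same person")
    return reasons

def screen_payment_run(payments, accounts_on_record, changes, contacts_on_record):
    """Return {payment_id: reasons} for every payment that must be held."""
    held = {}
    for pid, supplier, account in payments:
        if accounts_on_record.get(supplier) != account:   # new or changed details
            reasons = hold_reasons(supplier, changes.get((supplier, account)), contacts_on_record)
            if reasons:
                held[pid] = reasons
    return held

# Constructed sample data: every name, account and number below is made up.
ACCOUNTS = {"Acme": "GB-001", "Borealis": "DE-002", "Cobalt": "FR-003"}
CONTACTS = {"Acme": {"+44 20 0000 0001"}, "Borealis": {"+49 30 0000 0002"}}
CHANGES = {  # Acme was "confirmed" on a number given in a follow-up call
    ("Acme", "LT-999"): BankChange("telegram", "phone", "+370 000 00000", "ana", "raj"),
    ("Borealis", "DE-777"): BankChange("telegram", "phone", "+49 30 0000 0002", "ana", "raj"),
}
PAYMENTS = [("P1", "Acme", "LT-999"), ("P2", "Borealis", "DE-777"),
            ("P3", "Cobalt", "FR-003"), ("P4", "Cobalt", "CY-555")]

if __name__ == "__main__":
    print(screen_payment_run(PAYMENTS, ACCOUNTS, CHANGES, CONTACTS))
```

In the sample run, P1 is held because the confirming call went to a number that was not in existing records, which is the follow-up call pattern described earlier, and P4 is held because no change request was ever logged.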
How to report it
- Contact your bank immediately to recall the payment
- Report the fraudulent Telegram account via the in-app 'Report' function
- Notify the legitimate supplier and your national fraud reporting authority
Frequently asked questions
Is Telegram end-to-end encryption a risk indicator for invoice fraud?
Not inherently — the encryption protects both parties. The risk lies in the lack of identity verification on Telegram accounts. Anyone can create an account impersonating a known contact. The key control is always verifying banking changes through an independent, previously confirmed channel.