The One Email Every Small Business Should Be Afraid Of: “Please Urgently Update Our Bank Details.”

When a new year starts, most people make promises to themselves: sleep more, take proper breaks, find new clients, and get back to the gym. But if you run a small business, here’s a specific resolution that has to do with protecting your money.

Promise yourself that in 2026, you will never change bank details based on an email alone. This one habit can save you thousands of dollars, spare you a lot of stress, and help you avoid that awkward call with a supplier who’s still waiting for a payment you think you already sent.

Out of all the emails a business receives, one of the most dangerous sounds like this:

“Hi,
We’ve changed banks. Please update our payment details before the next invoice is due.”

Why This Scam Works So Well on Small Businesses

Criminals slip in when business owners are most busy: month-end, tax time, a major deadline, the holiday rush, or simply when they have too many emails to get through. They take advantage of the routine of invoices going in and out, and that occasional updates happen.

They make their messages look as normal as possible, often including a real name or signature taken from previous emails, so nobody should feel guilty if they ever fall for this scam.

What’s Going On Behind the Scenes

Scammers usually take one of these approaches:

They pretend to be your supplier. They create an email address that looks almost identical to the real one, maybe just a single letter changed. You update the account number, send the money, and only realize it was fake when your real supplier wonders why you haven’t paid.

Related: What Is Invoice Fraud and How Small Businesses Can Stay Safe

They take over a real inbox. If a supplier’s email account has been compromised, the scammers read past emails and reply inside an existing thread. It feels completely legitimate because, technically, it is — it came from the real inbox.

Related: How to Prevent or Recover from A Business Email Compromise (BEC) Attack

They target you after a data breach. If your supplier list, invoices, or email address leaked somewhere, they already know who you work with and how you usually communicate. They tailor the message to fit your style so you won’t question it.

In every version, the money ends up in an account opened with fake documents and is transferred out almost immediately.

Red Flags to Watch For

Modern scams aren’t sloppy or full of spelling mistakes anymore. Still, a few things should make you stop and think twice:

– They push urgency: “today,” “before 3 PM,” “year-end processing.”
– They attach a PDF with new account details instead of writing them directly in the email.
– The message arrives at a time they don’t normally write.
– The tone feels slightly different, more formal, more abrupt, or just… off.
– They ask for the change right before a scheduled payment.

Double-Check a Bank-Detail Change Safely

Most losses happen because someone wanted to be helpful and get the payment out quickly.

Instead, take one minute to:

– Call the supplier using the number you already have.
– Ask them to confirm the change verbally. No legitimate business will mind you double-checking.
– Wait for confirmation through two channels: phone plus email, or phone plus a secure internal system.

Related: Train Your Team to Recognize and Stop BEC Scams

Protect Your Business Before It Happens

A few simple habits offer strong protection:

– Never update bank details based solely on an email.
– Make two-step verification standard for any account change.
– Use multi-factor authentication on every business email account.
– Train whoever handles payments, even if it’s a freelancer or part-timer.
– Use security tools that warn you when someone tries to impersonate a supplier.

Bitdefender Ultimate Small Business Security helps by blocking phishing emails, scanning attachments, and alerting you when a message looks suspicious or unusual. Scam Copilot can also check any email you’re unsure about and tell you instantly if something doesn’t add up.

The best part is that it flags and stops a “Please Urgently Update Our Bank Details” type of email, so you don't even have to deal with it.

Start your free trial.