← All Digital Seatbelts Seatbelt 03 of 04

Check before acting.

A 30-second verification costs nothing if the request is genuine. If it isn't, that check is the only thing standing between business as usual and a very expensive bad day. The trick is making it a habit, not a one-off.

Book a free 15-min cyber chat Take the Test Drive

Email · Friday 16:55

From: Accounts — Premier Supplies Ltd <accounts@premier-supplies.co.uk>

Updated bank details for invoice payments

Hi team,

Please note we've recently changed our banking provider. All future payments should go to the new account below. Please update your records to avoid any disruption.

Account: 12345678
Sort Code: 20-00-00

Many thanks,
Accounts Team

Bank detail change requests need a phone-call check. Always.

Verification, not paranoia

The goal isn't to question everything. It's to verify the things that matter.

You don't need to phone-check every email. The trick is knowing which requests are worth a 30-second pause — usually anything involving money, access, or unusual instructions — and having a simple, repeatable way to verify them.

Always worth checking

Any change to bank details, payment instructions, or supplier accounts
Requests for unusual purchases — gift cards, prepaid cards, crypto
"Can you process this for me?" from a director or finance lead
Login prompts that arrive unexpectedly, especially MFA push notifications you didn't trigger
HR or payroll changes — salary redirects, P45/P60 requests, address updates
Anything that asks you to share access, passwords, or codes

How to verify (the right way)

Use a different channel — if it came by email, verify by phone or in person
Use a known number, not the one in the email signature
For internal requests, walk over to the person or DM them on Teams/Slack
For supplier changes, call the supplier on the number you've always used
Never approve an unexpected MFA push — deny it and report it
If it's after hours, the safest answer is almost always "I'll check tomorrow"

Why this matters

The biggest losses come from invoices that looked entirely normal.

Invoice and supplier-payment fraud is the most expensive single category of cyber crime against UK businesses. The attack rarely fails because someone "spotted the email" — it fails because someone made a phone call before pressing send. That phone call is the seatbelt.

If a 30-second check would feel awkward, that's exactly when it's worth doing.

No genuine supplier has ever been annoyed by a verification call.

Continue with the other seatbelts

01 · Pause before clicking 02 · Spot the urgency 04 · Lock your device

Want a real chat?

Book a free 15-minute cyber chat.

No sales pitch, no jargon. We'll talk through how your business handles supplier changes, payments, and verifications today — and where a couple of small habits could save you a lot of trouble.

Book your free chat Take the Test Drive