Who should use this BEC checklist?

Small businesses, bookkeepers, contractors, law firms, agencies, and office managers who approve invoices, wires, ACH, or vendor bank changes.

Does this require sharing passwords?

No. The workflow explicitly forbids passwords, MFA codes, bank logins, private keys, and unredacted credentials.

Home / BEC Checklist

Free checklist

The 12-minute check before you pay a changed invoice.

Use this before approving a new vendor bank account, urgent wire, ACH change, suspicious invoice, or executive payment request.

Get the full BEC Defense Pack

1. Pause the payment

Any banking change, rushed request, or unusual tone triggers a verification pause.

2. Verify off-thread

Call a number already on file. Do not use a phone number from the suspicious email.

3. Check the mailbox

Look for forwarding rules, hidden filters, OAuth grants, and unusual logins.

Copy/paste SOP

Payment-change verification script

Hi, this is [name] from [company]. We received a request to change payment details for [invoice/vendor]. I’m calling the number we already had on file to verify before we make any change. Can you confirm whether your team requested this change, who approved it, and what secure process we should use to validate the new details?

Red flags

Email evidence

Reply-to mismatch, lookalike domain, unusual urgency, new bank details, changed tone, attachment/link pressure.

Mailbox evidence

New forwarding rules, filters that hide replies, strange OAuth apps, login from new location, deleted invoice threads.