Cyber sprint · ~7 days

Stop payment redirection fraud before one fake invoice costs you $50K.

A short sprint for Australian SMEs to lock down supplier bank-detail changes, invoice approvals, staff verification, and email-risk basics — and produce insurer-ready evidence.

Aligned to ACSC BEC guidance · Insurer / auditor evidence · Built for finance & admin teams

It doesn't take a hack. It takes one believable email.

Payment redirection fraud needs one rushed invoice and one weak verification process. Australian scam losses exceed $2 billion a year, and the ACCC warns specifically about fake invoices and changed bank details. The controls to stop it are simple and cheap — most businesses just don't have them written down.

The trigger

A supplier "changes" bank details

An email arrives asking to update payment details. It looks normal. Your team updates the record and pays the next invoice to the scammer.

The gap

No verification step

No one calls a known number to confirm. There's no approval matrix and no owner for bank-detail changes.

The cost

Money gone, often uninsured

The payment is hard to recover, and insurers increasingly ask what controls you had in place first.

Tight scope. Fixed price. Fast.

Entry

Risk Check

A 45-minute review of your payment-change workflow, a risk score and the top 10 fixes. Credited to a sprint if you proceed within 14 days.

Starter

Starter Sprint

  • Payment workflow map
  • Bank-detail change verification SOP
  • Phone-verification script + staff checklist
  • Supplier/customer email templates
  • Incident-response mini-playbook + handover

Full

Full Sprint

Everything in Starter, plus:

  • M365 / email security quick check (MFA, SPF/DKIM/DMARC)
  • Approval matrix + staff training deck
  • Insurer / auditor evidence pack
  • Optional automation for reminders/approvals

Built for businesses that pay suppliers by invoice.

Australian SMEs (10–200 staff) with a finance or admin team and frequent supplier payments: construction & trades, professional services, real estate, medical & allied health clinics, accounting & bookkeeping, and manufacturing/distribution.

Before you book.

What is payment redirection fraud?
It's when a scammer tricks your team into paying a supplier's invoice to the wrong bank account — usually with one believable email, one rushed invoice and one weak verification step. It's a form of business email compromise (BEC).
How long does the sprint take?
About 7 days once scope and access are ready. It starts with a short risk check, then the Starter or Full sprint. Scope is fixed and we confirm price on the call — the risk check is credited to a sprint if you proceed within 14 days.
Will this give us evidence for our cyber insurer?
Yes. The Full Sprint produces an insurer- and auditor-ready evidence pack covering your verification process, approvals and email security basics.

20 minutes. One workflow.

Bring one example of your current supplier bank-detail change or payment-approval process. We'll tell you the fastest way to close the gap.

Or email [email protected]

Please don't include account numbers, passwords or sensitive records — a plain description is enough.