Chinese Supplier Wants Payment to Personal Bank Account? STOP. Here's Why It's Almost Always Fraud

You're deep into a sourcing deal. Samples checked out. PI (Proforma Invoice) looks official. Then the message arrives:

"Hi dear, our company account is temporarily under annual inspection / tax audit / foreign exchange review. Please wire the balance to our manager's personal account this time. It will be faster for us. Here are the details — Account Name: WANG WEI, ICBC, Shenzhen..."

Or maybe it's framed as urgency:

"Our accountant says the company account is frozen. Ship date is at risk. Please use this account instead — Account Name: LI JUN, Bank of China, Guangzhou..."

Or it sounds almost reasonable:

"For smaller orders under $50,000 we use our director's personal account to avoid customs reporting delays."

Every single one of these is a red flag. Sometimes they're a red flag that a real, known supplier has had their email hijacked by attackers who intercepted the conversation. Sometimes the supplier themselves is asking you to help them dodge taxes, which is illegal and drags you into that liability. Sometimes there was never a real supplier at all — the whole storefront was a fraud operation waiting for exactly this moment.

This guide walks through why legitimate Chinese businesses cannot legally accept international B2B payments into personal accounts, the three fraud patterns you'll see, how to forensically inspect an email for signs of compromise, and the exact 5-step protocol to use the moment this request hits your inbox. If you've already wired, there's a section on recovery options — they're limited, but speed matters.

Why Corporate Payments MUST Go to Corporate Accounts — The Legal Reality in China

Before examining the scams, understand this foundation: it is not a matter of preference or convenience. Under the People's Republic of China Commercial Bank Law and a stack of regulations from the People's Bank of China (PBOC) and the State Administration of Foreign Exchange (SAFE), a legitimate Chinese company receiving international trade payments is required to do so through a corporate bank account registered to that company.

Here is what Chinese law and banking practice require:

1. Foreign exchange (forex) receipts for trade must flow through corporate accounts. SAFE regulates cross-border capital flows. When a foreign buyer wires USD, EUR, or any other foreign currency to China for goods, the receiving entity must be a Type A enterprise on SAFE's list and must receive the funds into a designated foreign-currency corporate account. Individuals receiving $50,000+ in foreign currency per year without proper declaration trigger automatic anti-money-laundering (AML) review.
2. Anti-Money Laundering Law of the PRC (2007, revised 2024). Banks must perform Know Your Customer (KYC) for commercial transfers. Large cross-border payments landing in a personal account raise AML flags and can be frozen by the receiving bank under PBOC anti-fraud guidance.
3. Tax compliance. A legitimate company receiving international trade income must issue VAT fapiao (发票) and declare the income. Income routed through a director's personal account is outside the company's books — this is tax evasion, which is a crime in China under the Criminal Law, Article 201.
4. Corporate governance. A supplier that is willing to let its "director" or "accountant" receive $50,000 into their personal ICBC account is, at minimum, engaging in corporate funds misappropriation (职务侵占, zhíwù qīnzhàn) — another crime under PRC law.

So when a supplier says "just send it to my personal account, no problem," you are being asked — at best — to participate in their tax evasion and forex violations, and at worst you are being defrauded outright. There is no innocent third option.

The 3 Scam Patterns Behind "Please Pay to a Personal Account"

Every "please pay my personal account" request falls into one of three buckets. You need to understand each, because your response — and your recovery options — differ significantly.

Pattern 1: Supplier Email Hijack (Business Email Compromise / BEC) — MOST COMMON

This is the single most common wire-fraud pattern in international B2B today, and Chinese sourcing is a favorite target. The FBI's Internet Crime Complaint Center (IC3) reports Business Email Compromise losses in the billions of dollars per year, with Asia-facing wire fraud a major component.

How it works:

• Attackers compromise the supplier's email account (often via phishing, credential stuffing from leaked databases, or a poorly-secured shared inbox like sales@supplier.com).
• They sit silently, reading real conversations for weeks. They learn your project name, your PO number, your shipping terms, who the salesperson is, which product you're buying, and the exact invoice total.
• At the moment of payment, they inject a message. Sometimes they send it directly from the real account. Sometimes they register a lookalike domain (suppliercorp-ltd.com vs. real suppliercorp.com; swap rn for m; swap .com for .cn or .co) and send from there.
• The message says the corporate account is under audit / frozen / blocked, and provides a personal account (which is typically a mule account — an account opened by a Chinese citizen who was paid or coerced to open it).
• Once you wire, the mule withdraws cash within hours. By the time anyone realizes, the money is gone.

Tell-tale signs of BEC: the story changes mid-negotiation (it was a corporate account in earlier PIs and suddenly it's a personal account on the final invoice), the sender's writing style shifts slightly, "Reply-To" headers differ from the "From" address, or the domain has one subtly different character.

Pattern 2: Real Supplier Evading Tax — STILL ILLEGAL, STILL DANGEROUS TO YOU

Sometimes the supplier is real, the person asking is real, and they genuinely want the money — they just want it off the books. Reasons:

• Avoiding VAT and corporate income tax. Income routed into a personal account is not declared, saving them 13% VAT and 25% corporate income tax.
• Dodging SAFE reporting requirements. A small company may not be registered as a SAFE Type A enterprise and literally cannot receive foreign forex into a corporate account.
• Skimming from their own employer. The salesperson is operating their own side channel, selling factory product on the side and pocketing the cash. The factory owner has no idea.

Why this is still dangerous for you, even if the goods eventually arrive:

• No VAT fapiao = no proof of purchase. Without a valid fapiao, you have no tax-deductible cost basis for your customs declaration or your home-country books. Your accountant will flag the expense. Your tax authority may disallow the deduction.
• No recourse. If the product is defective, short-shipped, or never ships after sample stage, you have no contract the supplier will honor in a Chinese court. A Chinese court will not help you enforce a contract tied to an illegal off-the-books payment.
• AML exposure. Your own bank's compliance team may question why your company is paying a Chinese individual. Some US/EU banks will freeze the transfer pending explanation.
• The scam-adjacent cases. Once you've normalized paying to personal accounts, it's easy for the "salesperson" to later divert one big payment entirely and ghost you. That's when Pattern 2 silently becomes Pattern 3.

Pattern 3: Fake Supplier From Day One

Sometimes, the whole thing is a setup. The Alibaba storefront was purchased cheaply (Alibaba accounts are resold on Chinese black markets), the website was cloned from a real manufacturer, the product photos were scraped, and the bank account was never expected to be a corporate one because no corporation exists.

Common characteristics:

• Prices dramatically below market — iPhones at 40% of wholesale, N95 masks at a quarter of real cost, electronics at factory-direct pricing you won't actually see from a trader.
• Pressure to wire outside Alibaba Trade Assurance — "Dear, Alibaba charges fees, let's do TT directly for a better price."
• Newly registered entity (if any). Alibaba Gold Supplier status bought in the last 12 months.
• Vague about factory address, no video call willingness, refuses an in-person visit or audit.
• From the very first PI, they only propose a personal account.

These fake-from-day-one operations are designed to disappear. Once your wire clears, the "salesperson" stops replying, the Alibaba account is burned, and the mule account has been emptied.

How to Spot a Hijacked Email — The BEC Forensics Checklist

If you're going to catch Pattern 1 (BEC) before you lose money, learning to inspect an email properly is the single highest-leverage skill in cross-border sourcing. Here is what to look at:

1. Inspect the From, Reply-To, and Return-Path headers — they should all match

In most desktop email clients (Gmail: "Show original"; Outlook: "View message source"; Apple Mail: "View → Message → Raw Source") you can see raw email headers. Look for:

• From: The display name and email address the sender claims.
• Reply-To: Where your reply will actually be sent. If different from From, that's a big red flag — a hijacker may want your reply routed to their mailbox instead of the real supplier's.
• Return-Path: Where bounce messages go. Mismatches here are suspicious.
• Received-SPF / DKIM / DMARC: These should say pass. A fail or softfail for emails purportedly from a known business domain is a serious red flag.

2. Check the sending domain character-by-character

Lookalike domains are the BEC attacker's favorite tool. Common tricks:

• rn instead of m — moderncorp.com becomes rnoderncorp.com.
• 0 (zero) instead of o — g00dsourcing.com.
• Extra hyphens — supplier-corp.com vs suppliercorp.com.
• Different TLDs — real .com becomes .co, .cn, .net, .xyz.
• Unicode homoglyphs — Cyrillic а that looks identical to Latin a.

Copy the email address and paste it into a text editor where you can see every character clearly. Compare character by character to a previous legitimate email from the supplier.

3. Did the sending pattern change?

• Was this email sent from China (look at Received: IPs — tools like mxtoolbox.com or even an IP-to-country lookup help) when earlier emails came from China, but this one came from Nigeria, the UK, or a VPN exit node?
• Was it sent at an unusual hour (3am Beijing time)?
• Was the greeting style different ("Dear" vs. "Hi [your name]" — BEC actors often default to generic openers)?
• Does the writing style feel subtly different? More formal, more errors, oddly perfect? Attackers sometimes run messages through translation tools that change register.

4. Did the banking details change mid-conversation?

This is the single most reliable BEC signal. If you had a PI a month ago showing a corporate account at ICBC Shenzhen, and now the final invoice says ICBC personal account in Guangxi, something has changed in the conversation that you did not initiate. Go to your old PI, not any new PDF they send. Attackers will send a "revised" PI with the new bank details. Always trust the oldest corroborated document.

5. Was the attachment slightly different?

A hijacker often sends a "revised invoice" PDF. The layout may be 95% identical, but:

• The bank details block is in a different font.
• There's a slightly different logo.
• The PDF metadata (right-click → Properties) shows a different author name or creation tool than previous PIs.
• The filename is INVOICE_FINAL_v2.pdf when all prior invoices used the format PI-20260418-12345.pdf.

Email Red/Green Flags at a Glance

What a Real Chinese Corporate Bank Account Looks Like

If you're going to push back on a personal-account request, you need to know what the correct answer is. Here's the profile of a legitimate Chinese supplier's corporate bank account:

• Account name matches the business license character-for-character. If the supplier's business license (营业执照) shows 深圳市益铭贸易有限公司 ("Shenzhen Yiming Trading Co., Ltd."), the account name is exactly that — in Chinese characters or the officially-registered English translation. No individuals, no DBAs, no "on behalf of" variants.
• Bank is one of the major commercial or joint-stock banks: ICBC (Industrial and Commercial Bank of China), BOC (Bank of China), CCB (China Construction Bank), ABC (Agricultural Bank of China), BCM (Bank of Communications), or joint-stock banks like CMB (China Merchants Bank), CITIC, SPDB, Ping An Bank, Minsheng. Small county-level rural commercial banks for an export-facing manufacturer are unusual and worth asking about.
• Branch matches the registered address city/district. A Shenzhen-registered company should have a Shenzhen branch account. If the business license says Shenzhen but the branch is in a different province, ask why.
• SWIFT code is present and correct. Every major Chinese bank has a standardized SWIFT code (e.g., ICBCCNBJSZN for ICBC Shenzhen branch). Look it up independently at swift.com — don't trust only what the supplier puts on the PI.
• USCC (Unified Social Credit Code, 统一社会信用代码) sometimes appears. This 18-character code is the company's unique identifier. Advanced PIs may include it to tie the account to the corporate entity.
• Bank Confirmation Letter available on request. A real company with a real account can ask its bank to issue a letter (盖章证明) on bank letterhead confirming: company name, account number, branch, SWIFT, USCC. If they refuse or delay this for more than a few days, something is off.

What to Do When You Receive This Request — The 5-Step Protocol

You've just received a message asking you to wire to a personal account, or to a new/different account than you previously agreed. Here is exactly what to do.

Step 1: STOP. Do not send anything. Do not confirm anything.

Do not reply "sure, can you clarify?" Do not ask for more details in the same thread — if the email is compromised, you are confirming to the attacker that their ploy is working. Treat the thread as compromised until proven otherwise. Also stop any scheduled wires with your bank if you've already initiated them.

Step 2: Verify out-of-band using a phone number you found — not one they sent you

Pick up the phone. Call the supplier using:

• The number listed on their business license (which you already pulled during your supplier verification, right?)
• The number in the signature of their first email to you (not the latest email — the compromise may have rewritten signatures).
• The number listed on their Alibaba Gold Supplier verified profile.
• WeChat voice call to the account you've used for months.

Do not use the phone number in the message requesting the new bank account. If they're compromised, that number goes to the attacker.

Ask specifically: "Is it correct that you want me to wire the balance for PO #12345 to a personal account named Wang Wei at ICBC Guangxi?" Listen for hesitation, confusion, or "Wait, what? No, we sent you the company account."

Step 3: If the order was placed through Alibaba, verify through Alibaba Trade Assurance

If you're on Alibaba, log into Trade Assurance and check:

• Does the Trade Assurance order have a corporate bank account listed?
• Has the supplier changed their bank details in their Alibaba profile recently?
• Message the supplier through the Alibaba platform (not email) and ask to confirm payment details.

If they push back on Trade Assurance ("let's use TT, it's faster, we'll give you 2% discount"), you have found your answer — back out.

Step 4: Request a Bank Confirmation Letter and a fapiao sample

Ask the supplier to provide a Bank Confirmation Letter on their bank's letterhead, dated within the last 7 days, confirming:

• Company name (matching the business license)
• Account number
• Bank branch
• SWIFT code
• Company USCC

Also ask for a sample VAT fapiao for a previous export order (with sensitive buyer info redacted if necessary). Fake suppliers and personal-account frauds cannot produce real fapiao because they have no real corporate tax registration.

A real supplier can send these within a few days. A scammer will stall, refuse, or send an obvious Photoshop job.

Step 5: If anything still feels off, cancel the order

You have more leverage than you think. The moment you say "I'm not comfortable proceeding — please refund my deposit or let's cancel the PO," one of two things happens:

• A real supplier will want to resolve this. They'll suddenly produce the corporate account, the bank letter, the fapiao sample.
• A scammer will either ghost you or double down on urgency. Either way, you know.

If you lose the deposit by canceling, that's a cheap education compared to losing the balance payment.

If You've Already Wired — Recovery Options (Act Within Hours, Not Days)

The honest news: once an international wire has been cashed out from a mule account in China, the money is almost always gone. Chinese mule operators are usually directed to withdraw cash or move funds to crypto within 24 hours. But while the window is small, it is not zero. Here's what to do — in this order — if you believe you just wired to a fraud.

1. Call your bank immediately and request a wire recall (SWIFT MT192)

Every hour counts. If the funds have not yet been credited to the Chinese beneficiary bank (typical settlement is 1–3 business days for cross-border USD wires), your bank can sometimes request a recall via the SWIFT network. Tell your bank specifically: "I believe I am the victim of Business Email Compromise wire fraud. Please initiate a SWIFT wire recall immediately and flag this transaction as fraud."

2. File with FBI IC3 (Internet Crime Complaint Center)

If you're in the US, file at ic3.gov within 24 hours. IC3 runs the Recovery Asset Team specifically for BEC and wire fraud. They coordinate with domestic and international banks, and have recovered billions of dollars when notified quickly. Non-US victims should contact their country's equivalent cyber-fraud authority (UK Action Fraud, Europol EC3, AFP in Australia).

3. Ask the beneficiary bank to freeze the account

Have your bank contact the beneficiary bank in China (ICBC, BOC, etc.) and request that the account be frozen pending a fraud investigation. Under PBOC anti-fraud guidance and the China Banking and Insurance Regulatory Commission (CBIRC) rules, banks can temporarily freeze suspicious accounts. This works best within the first 48 hours.

4. File a report with Chinese authorities

Reports can be filed with:

• The Public Security Bureau (公安) of the city where the beneficiary bank is located, through the local cybercrime unit (网安大队).
• The National Anti-Fraud Center app (国家反诈中心) — sometimes accessible through a Chinese contact, partner, or agent.

This is more effective if you have a Chinese-speaking partner, legal counsel, or agent who can physically file the report. The report also helps your insurance claim.

5. Check your insurance

Some trade credit insurance, commercial crime policies, and cyber insurance policies cover Business Email Compromise losses. Call your broker.

6. Preserve all evidence

Do not delete any emails, even ones that are obviously from attackers. Export the full email headers. Save the PI PDFs (both the original corporate-account version and the revised personal-account version). Document timestamps. This evidence is essential for bank recall, IC3, and any legal action.

Legal & Tax Implications — Why Paying a Personal Account Creates Risk for YOU

Even setting aside the outright fraud risk, paying to personal accounts creates real liability on your side:

• US Bank Secrecy Act / AML. Your bank has KYC and reporting obligations. Large, unusual wires to Chinese individual beneficiaries trigger Suspicious Activity Reports (SARs). Repeat patterns can get your account flagged or closed.
• OFAC / sanctions risk. The US Treasury OFAC maintains lists of Specially Designated Nationals. A personal account without verified KYC on the Chinese side increases the (small but non-zero) chance of accidentally wiring to a sanctioned individual — a strict-liability violation that can mean fines in the hundreds of thousands of dollars even without intent.
• Customs & tax deductibility. To claim import costs as cost-of-goods-sold on your home-country taxes, you need clean documentation: commercial invoice, packing list, bill of lading, bank wire receipt matching the invoice party. If the invoice says "Shenzhen Yiming Trading Co., Ltd." and the wire says "Wang Wei" — this mismatch may cause the IRS, HMRC, or your national tax authority to disallow the deduction. Lost deduction + lost funds is a double blow.
• Civil recourse. If the goods are defective or don't ship, you typically cannot sue the company you contracted with — you paid someone else. A Chinese court would dismiss the case. You could theoretically sue the individual, but serving and enforcing against a Chinese citizen is complex, expensive, and rarely works.
• Chinese tax co-conspirator risk. Knowingly participating in a supplier's tax evasion scheme has been used as a basis for Chinese tax authorities to refuse refund claims, deny future import permits, or add your company to a watchlist.

Real (Anonymized) Case Examples

These cases are composites based on documented BEC and wire-fraud patterns in China sourcing over the past several years. Names and details have been changed.

Case 1: The "account frozen for annual audit" — $82,000 lost

A US consumer-electronics brand was sourcing Bluetooth speakers from a Shenzhen supplier they'd worked with for two years. On the fifth reorder, two weeks before the balance payment was due, the salesperson (sending from what looked like the normal sales@ email) wrote: "Dear Mark, please note our company account is under its annual SAFE audit this month. Please send the balance to our finance manager's account this one time — details below." The email included a convincingly-formatted PDF invoice showing a personal ICBC account.

The brand's accounts-payable specialist, trusting the long-term relationship, wired $82,000. Three days later, the real supplier called asking when the balance was coming. The email account had been compromised for five weeks; the attacker had been reading the whole thread. SWIFT recall attempt failed — funds were withdrawn as cash within 18 hours.

Root cause: No out-of-band verification on a change of banking details. One phone call to the factory owner's known number would have caught it.

Case 2: The "help me avoid tax" $35,000 that almost worked — then didn't

A small Toronto-based beauty brand was negotiating with a private-label cosmetics factory in Guangzhou. The account manager proposed: "For this first order let's use my personal account — I'll give you 5% off since we avoid the VAT paperwork on our side." The buyer thought they'd found a savvy deal and wired to the personal account. Goods arrived, quality was fine.

On reorder three months later, the same account manager was "no longer with the company" according to a different email. The buyer reached out to the factory main line. The owner told them no such account manager had ever been authorized to accept payments — she'd been running a side operation selling factory seconds, pocketing the cash. The factory would not honor any warranty or the buyer's deposit for the reorder. The "5% discount" ended up costing them a burned supplier relationship and $8,000 in deposits.

Root cause: Normalizing off-the-books payments opened the door to the bigger loss.

Case 3: The too-good-to-be-true PPE order — $120,000 total loss

During a global PPE shortage, a UK medical distributor found N95 masks at 40% below market from a "Shanghai Wanhua Medical Co." on Alibaba. The supplier had Gold Supplier status (less than one year old) and pushed for a TT wire outside Trade Assurance: "Faster, no fees, and we give you priority production." Bank details were a personal account at a small joint-stock bank.

The buyer wired $120,000 as a 100% advance. No goods shipped. The Alibaba account was burned within two weeks. The "company" address turned out to be a residential apartment. Chinese police could not locate the individual; the identity used to open the mule account had been stolen from a real person elsewhere in China.

Root cause: Price too good, pressure to avoid Trade Assurance, personal account from day one — all three red flags present simultaneously, all three ignored.

FAQ

Q1: But my supplier says the Chinese government temporarily freezes all corporate foreign-exchange accounts for annual inspection. Is that true?

A: No. SAFE conducts annual reviews, but those reviews do not universally freeze a Type A enterprise's ability to receive foreign currency. If a specific company has been downgraded (Type B or Type C) for compliance issues, that's the company's own regulatory problem and is not your concern to solve with a personal-account workaround. Ask them to email you their SAFE classification letter. Scammers cannot produce one.

Q2: What if the supplier says they're a small workshop and don't have a corporate account?

A: Then they legally cannot accept international trade payments in foreign currency. In that case, you should use a trading company intermediary who has proper SAFE registration, or use a platform like Alibaba Trade Assurance. Do not wire a personal account on the promise that "we'll handle it."

Q3: Is paying to a Hong Kong account safer?

A: A corporate Hong Kong account in the company's registered HK entity name (with a Business Registration Certificate you can verify) can be legitimate — many Chinese exporters use a Hong Kong trading-company structure for forex reasons. But a personal Hong Kong account raises all the same red flags as a personal Mainland account — and Hong Kong's regulatory framework has been tightened significantly in recent years specifically because of BEC fraud.

Q4: The supplier is willing to use a personal account but offers a 5–10% discount. Isn't the math in my favor?

A: No. Even ignoring the fraud risk, you lose VAT fapiao, which is worth the same 13% VAT back from your customs calculation or home-country deductibility. You gain nothing. The discount is almost always offered specifically to override your skepticism. Decline it.

Q5: What about using Alipay, WeChat Pay, or cryptocurrency instead?

A: For B2B cross-border trade payments over small amounts, Alipay and WeChat Pay are not appropriate (they're designed for consumer C2C/C2B payments). For larger trade payments they're typically not used, and Chinese regulators tightly restrict cross-border flows via these rails. Cryptocurrency is a major red flag — any supplier asking for USDT, BTC, or similar has moved several tiers up the scam ladder. Legitimate factories invoice via T/T (telegraphic transfer), L/C (letter of credit), or Alibaba Trade Assurance.

Q6: My supplier used a corporate account for the deposit but wants a personal account for the balance. Is that OK?

A: No — it is actually more suspicious, because it's a classic BEC pattern: the attacker waits until the large balance payment is imminent before injecting the switch. The deposit was a trust-building step. Stop, verify out-of-band, and do not proceed without confirmation.

Q7: Can I use an escrow service to protect myself?

A: Yes. Alibaba Trade Assurance functions as an escrow-like service (held funds released on proof of shipment). Third-party escrows like PayPal Merchant Services (for smaller orders) or dedicated trade-escrow firms (LC Escrow, specialized trade-finance platforms) can also work. Escrow is almost always worth the 1–3% fee. Any supplier refusing escrow is signaling that they need direct irreversible payment — not a good sign.

Q8: The person asking for the personal-account transfer is someone I've known for years. Is it still a scam?

A: It may not be the person — it may be someone who has compromised their email. BEC attackers specifically target long, trusting relationships because those are where large balance wires are made with least scrutiny. Always verify out-of-band, especially when the stakes are high. Your long relationship is what the scammer is counting on to bypass your defenses.

Q9: What records should I keep to protect myself even when I do pay a corporate account?

A: Keep: (a) a copy of the supplier's business license and USCC code from the date of the deal; (b) the bank confirmation letter; (c) the signed PI/PO; (d) the VAT fapiao or export fapiao; (e) your bank's wire confirmation with matching beneficiary name; (f) all shipping documents (B/L, packing list, commercial invoice). This trail protects you against tax questions, defect disputes, and AML reviews.

E-E-A-T — Why You Can Trust This Guide

Expertise. ChineseCheck is built by a team with operational experience in China sourcing, importing, and supplier verification, across consumer electronics, apparel, and industrial goods. Our supplier-verification product pulls directly from China's State Administration for Market Regulation (SAMR) and other official public registries to validate every data point in a business license.

Experience. This guide draws on documented wire-fraud cases and known BEC patterns observed across thousands of sourcing conversations. The 5-step protocol is the exact process we teach buyers who come to us after a near-miss.

Authority & Trust. The legal and regulatory framework cited in this article is drawn from the People's Republic of China Commercial Bank Law, the Anti-Money Laundering Law of the PRC (2007, revised 2024), regulations from the State Administration of Foreign Exchange (SAFE) available at safe.gov.cn, and anti-fraud guidance from the People's Bank of China (PBOC). Business Email Compromise statistics are published annually by the FBI Internet Crime Complaint Center (IC3) at ic3.gov. AML and sanctions obligations for US-based buyers are described in US Department of the Treasury OFAC guidance. We cite these authorities directly rather than paraphrasing, and we keep this article updated when major regulations change.

We do not provide legal or tax advice — consult your own attorney or CPA for decisions that apply to your specific situation.

Related Reading

• Safe Payment Methods for Chinese Suppliers — What Actually Works
• How Much Should You Pay Chinese Suppliers Upfront? The Risk Framework
• 30 Red Flags When Dealing with Chinese Suppliers
• Chinese Supplier Scam Prevention — The Complete Playbook
• Alibaba Scams and How to Avoid Them
• How to Verify a Chinese Supplier in 7 Steps

Conclusion — Trust, But Verify the Bank Account Every Single Time

A Chinese supplier asking you to wire payment to a personal bank account is almost never a routine request. It is, in roughly 99 cases out of 100, one of three things: a hijacked-email attacker waiting for your balance payment, a real supplier asking you to participate in their tax evasion (which creates your own legal exposure), or a fake operation that never intended to ship. In all three cases, the money is nearly unrecoverable once it lands in the mule account.

The fix is not complicated. Before you wire anything — especially before a balance payment — reconfirm the bank details through a channel separate from the email thread. Call a number from your own records. Match the account name to the business license character-for-character. Ask for a Bank Confirmation Letter. If anything feels off, slow down. Every hour you spend verifying is dramatically cheaper than the cheapest fraud recovery attempt.

A legitimate supplier will never be offended by your due diligence. A scammer will try to rush you past it. That single fact is the most powerful test in your toolkit.