Trust, then verify
Use known TURLL channels for sensitive instructions.
Unexpected requests involving bank details, passwords, payment links, remote access, urgent secrecy or unusual attachments should be treated as suspicious. Verify using contact details already known to you or published on this website—not details contained only in the suspicious message.
Payment protection
Never rely on an email-only change of bank details.
If beneficiary name, bank, account number or country changes unexpectedly, do not transfer funds until you have independently verified the change by phone or WhatsApp using a previously known TURLL contact.
- Match the quotation or pro-forma number
- Check the beneficiary name and currency
- Confirm unexpected changes out-of-band
- Do not share one-time passwords or card security codes
- Be cautious with shortened or misspelled links
- Keep payment and verification records
Suspicious messages
Do not click, reply or open the attachment.
- Preserve the message. Keep the original headers or save the email as a file if your mail client supports it.
- Verify separately. Contact TURLL from this website or an existing trusted thread.
- Report quickly. Include the sender address, time, subject, screenshots and any payment reference.
- Contact your bank. If funds or card information may be at risk, act immediately using the bank’s official fraud channel.
Account security
Protect the email account behind your orders.
Unique password
Use a password not used on other services and store it in a reputable password manager.
Multi-factor authentication
Enable it on your business email and payment accounts whenever available.
Least access
Limit who can approve supplier bank changes and high-value payments.
Report an incident
Contact us through a verified channel.
Do not include passwords, full card numbers or one-time security codes.