When payment instructions change by email, the key question is often whether the message came from the real supplier, a compromised account, a lookalike domain, a sales agent, or a fraudster connected to the transaction.
Save the original .eml or full-header record, not only forwarded screenshots or copied text.
Compare the sender domain, reply-to, beneficiary bank, invoice number, Alibaba/WeChat messages, and supplier confirmations.
Spoofing evidence can shape fraud allegations, bank subpoenas, domain records, Hague service exhibits, and asset-preservation requests.
A screenshot may show the instruction, but headers can reveal routing, spoofed domains, compromised accounts, reply-to changes, and timing that supports discovery or urgent recovery steps.
Collect original emails with headers, changed bank-account notices, invoices, wire receipts, MT103 traces, domain WHOIS or registrar clues, WeChat/Alibaba confirmations, supplier denials, and fraud reports.
The email record can affect whether the claim is framed as supplier breach, wire fraud, agent-authority dispute, or payment-beneficiary mismatch, and whether subpoenas or asset freezes should be pursued before funds disappear.
This page is general information, not legal advice. Preserve original records before forwarding or editing them, and review defendant names, service addresses, discovery options, and recovery timing before filing.
Save the original message with full headers or the .eml file, plus the invoice, wire receipt, reply thread, and any supplier confirmation or denial.
It can support bank recall efforts, recipient-bank subpoenas, payment-processor discovery, platform freezes, and settlement leverage, depending on timing and reachable records.
Sometimes. Counsel should compare contract parties, invoice issuers, bank beneficiaries, domains, platform accounts, and Chinese company names before finalizing pleadings and Hague service documents.
Compare the evidence path with these related China litigation and Hague service resources: