Skip to content

Compliance

Addressing the Wire Transfer Scam Threat

← All articles
Filed under Compliance

Business Email Compromise Schemes Threaten Funds Transfers

As updated statistics from the FBI's Internet Crime Complaint Center show, business email compromise (BEC) schemes increasingly put funds transfers at risk. Between June 2016 and December 2021, reported exposed dollar loss associated with BEC schemes was greater than $43 billion.

Now more than ever organizations and individuals must implement controls to recognize and prevent BEC scams and safeguard their fund transactions.

What is the BEC threat?

A BEC scam targets businesses and individuals performing wire transfer payments. The email account compromise (EAC) part of BEC targets individuals who perform wire transfer payments.

The BEC scam is often carried out when a cyber-actor compromises legitimate business email accounts through social engineering or computer intrusion. The result is an unauthorized transfer of funds.

According to the U.S. Secret Service, BEC scams target financial institutions, real estate companies, health care firms, human resources organizations, educational institutions and large-scale construction and contracting firms.

The BEC scam is just another confidence game where the bad actors convince humans to click on bad links or attachments, enabling the bad actor to install malware on the company's computer system, or mistakenly believe that the sender of an email attaching wiring instructions or seeking information is making a legitimate, authorized request.

The BEC scam is often carried out when a subject compromises legitimate business email accounts through malware (computer intrusion techniques), spoofing email addresses or social engineering. The result is an unauthorized transfer of funds.

These schemes constantly evolve, and have taken a variety of forms:

  • Hacking or spoofing of email accounts of CEOs and CFOs;
  • Compromise of personal emails and vendor emails;
  • Spoofed law firm email accounts, (a favorite in real estate transactions); and
  • Requests for W-2 information.

In each such evolution, the scammers seek to use authority (an email that looks legitimate), and urgency (e.g., "we need this immediately") to effectuate fraudulent transfers.

Addressing the BEC Threat

Organizations can take several steps to address the threats presented by a BEC scam:

  • Verify all payment changes and transactions in-person or via a known, established telephone number. Continue to ensure contact information is current and updated.
  • Carefully check email addresses for slight changes that can make fraudulent addresses appear legitimate and resemble actual companies' names.
  • Implement robust approval procedures for vetting account change requests to prevent monetary losses.
  • Enable security features that block malicious emails, such as anti-phishing and anti-spoofing policies.
  • Educate employees on BEC scams, including preventive strategies such as how to identify phishing emails and how to respond to suspected compromises.
  • Notify customers about BEC threats and mitigation methods your company is taking, such as notifying customers of internal processes for changing or updating ACH banking information.

Security is an ongoing process

The pace of change in computer technology and communications can be bewildering. However, identifying and understanding the risks to payment information, and using the tools available to organizations address those risks, help make this ever-evolving process more manageable.

a person sitting on a couch using a laptop

Found This Useful? Let's Get You Set Up.

Start an application and an expert will tailor the next steps to your situation.

Related reading

15 Licensing Application Process Facts That Delay Approvals

Compliance

15 Licensing Application Process Facts That Delay Approvals

Most licensing delays come from small misses. A payment method that does not work, a stale certificate, the wrong signature, a missing ownership detail. These are the things that slow down filings, trigger deficiencies, and force teams to redo work they thought was finished. We pulled these from the webinar because they came up naturally [...]

California Delete Act: DROP Deadline and Data Broker Rules

Compliance

California Delete Act: DROP Deadline and Data Broker Rules

Property managers in Maryland are running into a question that is getting more attention and creating real operational risk. Does collecting rent, especially when a tenant is past due, trigger Maryland's collection agency licensing requirements?

The Changing Compliance Landscape for Consumer Lenders

Compliance

The Changing Compliance Landscape for Consumer Lenders

Explore evolving compliance rules for consumer lenders, CFPB updates, and strategies to stay compliant in 2025 and beyond.

Wisconsin Earned Wage Access Services

Licensing

Wisconsin Earned Wage Access Services

Cornerstone unveils a new look and website as the company celebrates its 25-year anniversary

Wisconsin: Financial Services Proposed Legislation

Licensing

Wisconsin: Financial Services Proposed Legislation

Explore Wisconsin's proposed financial reforms with SB 668, AB 948, & SB 859, set to revamp licensing and regulations for service providers.

You Can't Outsource Risk

Licensing

You Can't Outsource Risk

Since the burden of compliance flows upstream and you can no longer simply outsource risk downstream it is now imperative that credit grantors and debt buyers understand the state licensing requirements of all their downstream partners and develop a process to make sure that they remain in compliance at all times. Before we move forward [...]

Browse the full insights library, meet our editorial team, or download our whitepapers.

Insights

Found This Useful? Let's Get You Set Up.

An expert will respond within one business day.