Fraud and Security

The Vendor Email That Changed Everything

March 31, 2026

A Business Scam Story

How It Started

Mark, the controller for a small manufacturing company, managed vendor payments and cash flow as part of his daily responsibilities. One morning, he received an email from a long-standing supplier explaining that the vendor had changed banks and needed to update wire instructions for future payments.

The email appeared legitimate. It came from the vendor’s real email address, referenced recent invoices, and used a tone consistent with prior correspondence. With multiple deadlines approaching and no obvious red flags, Mark updated the wire instructions in the accounting system and initiated a payment later that day.

What Actually Happened

Unknown to Mark, the vendor’s email account had been compromised weeks earlier through a phishing attack.

Cybercriminals had been silently monitoring messages, learning the vendor’s communication style and waiting for an opportunity to intervene.

When the timing was right, they sent the fraudulent “bank change” email. The wire instructions directed funds not to the vendor, but to an account controlled by the criminals. Once the wire was sent, the funds were quickly moved through multiple accounts to make recovery more difficult.

The issue only came to light several days later when the vendor followed up to ask why payment had not been received.

How It Was Resolved

Mark immediately contacted the bank upon realizing the mistake. The bank initiated a wire recall and filed appropriate notifications. Although only a portion of the funds could be recovered, the prompt response prevented additional losses.

Following the incident, the business worked closely with the bank to strengthen internal controls. New procedures were implemented, including mandatory call-back verification for payment changes, dual approval for wires, and employee training focused on business email compromise (BEC) scams.

The incident served as a costly but valuable lesson in how even trusted relationships can be exploited.

What You Should Do

  • Verify all payment or account changes using a known, trusted phone number

  • Never rely on email alone for wire or ACH instructions

  • Implement dual controls and approval processes for payments

  • Train employees regularly on phishing and social engineering risks

  • Contact your bank immediately if fraud is suspected
