Could Your Employees Fall For A Spoofed Email?

A business had been doing business with a company based in China for several years and had wired payments to that business at the Agricultural Bank of China. The business suddenly received an email communication which appeared to be from their vendor indicating that their name and wiring instructions had changed. The business then initiated a wire payment in the amount of $34,609 using the new wire instructions.

Several days later the business received an email communication from their vendor requesting to have the funds that were wired be returned to the business as they had a different (second) set of wiring instructions. The funds originally wired were returned to the business' bank and the funds were credited back to the business‰' account and the business then initiated a new wire for $34,577 per this second set of updated wiring instructions. A month later, the business received a third set of wiring instructions, also via email from their vendor, to send additional funds to another company and the business initiated a wire in the amount of $36,814 per this third set of updated wiring instructions.

The following day the business requested that the Bank send a message requesting that the funds wired per this set of instructions be returned per additional instructions from the "vendor". These funds were never returned. In each of these cases the business requested a new wire template be added to online banking.

Another month later, the business spoke with their vendor and at that time were told that the vendor had not received any payment nor had they changed their name or banking information. The business is in the process of settling a loss of $71,391 with their vendor, who has acknowledged that they had a breach of their systems which lead to the fraudulent email communications and subsequent wire payments.

Potential Loss

The potential loss in this case is$71,392. Additionally, the businesses loses employee time to contact law enforcement, close and open a new bank account, contact existing vendors with automated payment set up and review of internal procedures.


The best defense in this situation is employee education. Carefully scrutinize all email requests for wire transfers to determine if the requests are out of the ordinary. Confirm wire transfer instructions with the vendor, especially when the requester is out of the office, using an alternate and previously established communication channel to avoid having the fraudster receiving and spoofing the confirmation request.

Dual Control

Dual control in place for one person to submit request for payment with a second person verifying to a source document and approving the payment. Be skeptical of any variations to typical business practices and wire transfer activity, such as a current business contact suddenly asking to be contacted via their personal email address when all previous official correspondence has been through a company e-mail address.

Be suspicious of requests for secrecy or pressure to take action quickly. Scrutinize email addresses for accuracy and be aware of small changes that mimic legitimate addresses, such as single characters that have been added, removed, or duplicated in the local segment of the address, or a change in the hostname. Use discretion when posting to social media and company websites, especially job duties/descriptions, hierarchal information, and out-of-office details.