Project Description

Hear how fraudsters used BEC to direct wire payments to fake accounts.

Business Email compromise


“I was on pins and needles. It was roughly $36,000 we lost.  I thought what did we do?  What did I miss?”


Music Up/Intro


From Wells Fargo Treasury Management, this is True Stories of Fraud. I’m Aaron Grayson.


The man you just heard is Norman, the accounting manager for a paper box company. They make custom folding cartons and boxes. From cereal boxes to shipping boxes.

About 350 million units a year. The company has many vendors. One, a national giant that Norman’s company relies on for tons of materials. That’s how fraud often happens. By trusting an entity you know. I’ll let Norman explain.



“An important vendor sent us an email. They had some open invoices. In the email they said their account information needed to be changed. There was a letter they attached from their bank to verify it. It’s a big company with different locations. Mostly we get a general email from their accounts receivable. Not a person.


Aaron:   Norman told me they followed the process they know. Pretty standard stuff.


Norman:  I asked Katie in accounts payable to change the vendor’s account information like they asked. So, I doubled checked what she did and approved it.  On Friday we processed a batch of ACH payments to our vendors.



The payments would clear on Tuesday. Then, after the weekend, back at work, things started to unravel.


Music Up/ raising suspense



Monday morning that very same vendor reached out by email. They said they received a cyber security alert telling them their computer system was hacked.

And asked us to look out for any suspicious behavior.



Clues of the fraud began to surface.


Norman:  That was the vendor whose bank information we changed on Friday.


Aaron:  Norman and his team took the bait. They changed their banking account number to the one the fraudster had placed in their email.


Norman:  The letter from the bank they attached. It all looked so legitimate. So believable.


Music Out



Over $36,000 was transferred because of one routine, unsuspecting email.

$36,000 stolen without talking to a soul.

That’s how sophisticated fraudsters can be.

There’s a term for it. Business Email Compromise – BEC. It’s a rising form of Payments Fraud.

A record 80% of companies were targets of Business Email scams in 2018.

Last year, more than half the companies targeted by this business email attack suffered a financial loss.


The scammer’s techniques vary. For Norman and the Paper Goods Company, it was a fraudster impersonating their vendor and re-directing ACH payments.



After the fraud attack, we looked back and saw the vendor’s name was changed by one letter. They replaced an O with a C in their name.  And West Rock became West Rook. We totally missed it.



Aaron: And with a pile of emails filling your in-box, your eyes see what it assumes the address to be.


Music under


So, how did the fraudsters know the amount of the invoice?

How did they know which bank the Vendor did business with?

And the Bank’s approval letter, why did it look completely authentic?


Remember, the vendor said their system had been hacked?  That was the fraudster’s first move. Once they hack inside a corporate email server, they grab customers’ billing information, email addresses, bank correspondence, payment schedules. Then they meticulously forge everything necessary to pull off the deception. If it all works, it’s money in the bank. A huge wire transfer to their fake account.



Luckily, Wells Fargo was able to help us recover all of the money. They were very helpful. Very understanding – our local banker and the person in the fraud department, too.



I checked with the fraud protection experts with Wells Fargo Treasury Management. They shared with me ways to protect against Business Email Compromise.


  1. Make sure to use a different contact method to confirm any changes or requests. If the request comes by email, use the phone, call the vendor to verbally verify payment requests or change account information.
  2. Always use the vendor or customer contact information you have on file to verify requests. Never use the phone number or account numbers contained in the email. They could be falsified.
  3. Use dual custody – that means both the person who initiates the payment and the person approving it must pay close attention to the payment details.
  4. Scrutinize emails. They can be ever so slightly altered to disguise a fraud attack.


Like changing the letter “C to an O” …  If you’re not careful, replacing just one letter

could cost you a lot of numbers.


Music resolve



Wells Fargo shares these true stories to give you insight into possible scams and the guidance to help protect your company from these serious threats of financial loss.


Join me for more True stories of Fraud.  I’m Aaron Grayson.

Thanks for listening.

And stay vigilant.


Music OUT

Related content