How Does Business Email Compromise Lead to Wire Fraud?
An invoice from a familiar vendor, or an urgent request from someone who signs off like the boss always does, is often all it takes to move a wire transfer somewhere it was never meant to go.
The short answer
Business email compromise is a scam in which someone impersonates a trusted party — a vendor, an executive, or a business partner — usually through a spoofed or hijacked email account, to convince an employee to send a wire transfer to an account the criminal controls. It works because it exploits routine business processes rather than a technical flaw, relying on the request looking ordinary enough to bypass a second look. Because wire transfers move quickly and are difficult to reverse, this scam is particularly effective once the payment instructions are believed.
How the impersonation typically works
The scam generally starts with either a compromised email account or a look-alike domain that’s nearly identical to a real one, differing by a character or two that’s easy to miss at a glance. From there, the criminal studies how the real business communicates — invoice formats, typical payment timing, even writing style — before sending a message that fits the pattern closely enough not to raise suspicion. This groundwork is what separates business email compromise from a generic phishing attempt; it’s tailored to look like something the recipient already expects.
Common tactics used to prompt a transfer
- A spoofed invoice. A legitimate-looking bill arrives with updated payment instructions, often claiming a bank account changed recently.
- An urgent executive request. A message appears to come from a senior leader, framed as time-sensitive and best handled quietly, discouraging the recipient from verifying through another channel.
- A compromised vendor account. A real vendor’s email account gets taken over, so the fraudulent message comes from an address that has a genuine prior relationship with the recipient.
Urgency and a discouragement from double-checking are common threads across all three, since the scam depends on the request being acted on before it’s questioned.
Why wire transfers are the preferred target
Wire transfers are attractive to this kind of scam because they typically move funds quickly and offer far fewer recovery options than other transfer methods once the funds have settled into the receiving account. This is part of why wire transfers often carry higher costs than other transfer types — some of that cost reflects the handling and verification built around a transaction that’s hard to unwind.
Basic verification steps that help
Confirming a payment instruction change through a separate, previously known contact method — calling a phone number already on file rather than one provided in the suspicious message — breaks the pattern the scam depends on. Treating any request that combines urgency, secrecy, and a change in payment details as worth an independent check, similar to the caution warranted around any P2P payment request that feels off, reduces the odds of a routine-looking message resulting in a genuine loss.
The takeaway
Business email compromise succeeds by mimicking the ordinary rhythm of business communication closely enough that a request doesn’t stand out. Slowing down on any payment instruction change, and verifying it through a channel the scammer doesn’t control, is the practical safeguard that matters most, since the fraud generally isn’t caught by the email itself looking suspicious — it’s caught by the verification happening at all.