How Does Business Email Compromise Lead to Wire Fraud?

Updated July 9, 2026 5 min read

An invoice from a familiar vendor, or an urgent request from someone who signs off like the boss always does, is often all it takes to move a wire transfer somewhere it was never meant to go.

The short answer

Business email compromise is a scam in which someone impersonates a trusted party — a vendor, an executive, or a business partner — usually through a spoofed or hijacked email account, to convince an employee to send a wire transfer to an account the criminal controls. It works because it exploits routine business processes rather than a technical flaw, relying on the request looking ordinary enough to bypass a second look. Because wire transfers move quickly and are difficult to reverse, this scam is particularly effective once the payment instructions are believed.

How the impersonation typically works

The scam generally starts with either a compromised email account or a look-alike domain that’s nearly identical to a real one, differing by a character or two that’s easy to miss at a glance. From there, the criminal studies how the real business communicates — invoice formats, typical payment timing, even writing style — before sending a message that fits the pattern closely enough not to raise suspicion. This groundwork is what separates business email compromise from a generic phishing attempt; it’s tailored to look like something the recipient already expects.

Common tactics used to prompt a transfer

Urgency and a discouragement from double-checking are common threads across all three, since the scam depends on the request being acted on before it’s questioned.

Why wire transfers are the preferred target

Wire transfers are attractive to this kind of scam because they typically move funds quickly and offer far fewer recovery options than other transfer methods once the funds have settled into the receiving account. This is part of why wire transfers often carry higher costs than other transfer types — some of that cost reflects the handling and verification built around a transaction that’s hard to unwind.

Basic verification steps that help

Confirming a payment instruction change through a separate, previously known contact method — calling a phone number already on file rather than one provided in the suspicious message — breaks the pattern the scam depends on. Treating any request that combines urgency, secrecy, and a change in payment details as worth an independent check, similar to the caution warranted around any P2P payment request that feels off, reduces the odds of a routine-looking message resulting in a genuine loss.

The takeaway

Business email compromise succeeds by mimicking the ordinary rhythm of business communication closely enough that a request doesn’t stand out. Slowing down on any payment instruction change, and verifying it through a channel the scammer doesn’t control, is the practical safeguard that matters most, since the fraud generally isn’t caught by the email itself looking suspicious — it’s caught by the verification happening at all.