man looking at a laptop

With cybersecurity breaches making frequent headlines, consumers may wonder how to protect themselves. Simply taking measures to guard against identity theft, data breaches and other cyber threats may not be enough as bad actors become more sophisticated.

Account Takeover, or Business Email Compromise (BEC), is when a cybercriminal launches a successful phishing attack to gain control of their victim’s email account

Once inside, the thief will either launch additional phishing attacks on the account holder’s contacts or insert themselves into an existing conversation. Their goal is to steal personal information or obtain financial gain by leading you to believe you are interacting with someone you trust.

Common victims of account takeover

  • Financial Institutions
  • Law Firms
  • Insurance Organizations
  • Large Companies
  • Executives

Account Takeover + Wire Fraud

Wire fraud occurs when a cybercriminal successfully obtains money from their victim via wire or ACH payment.

Imagine receiving an email from a familiar source. The message might sound urgent, requesting a change in payment method, such as switching from check payments to ACH (Automated Clearing House) transfers. Unbeknownst to you, this email is not from the actual source but from a cybercriminal. By complying with the request, you unknowingly transfer funds into the criminal's account.

Account Takeover email with wire fraud example

Hi Sam,

How are you doing today? Has our account receivable team sent the invoice? Regarding payment for deposit, we’ll prefer to receive payment via ACH/EFT. I’ll send our ACT remittance instruction upon your request. Please kindly acknowledge the receipt of my email. I await your response as soon as possible.

Other possible scenarios

You’re a corporate lawyer working on a legal settlement. Suddenly, the contact at the law firm you’re conducting business with asks that the settlement be changed from a check payment to an ACH.

You’re working with a vendor, and they send you an invoice with instructions that have suddenly changed or are different than what they’ve used in the past.

While buying a home, you receive an email from your agent with wire transfer instructions for the down payment. The email appears genuine, so you send the money. Days later, your agent asks about the missing payment. Unfortunately, cybercriminals intercepted your communication, impersonated your agent, and redirected your payment to their account.

Identify the Red Flags Account Takeover Attacks

It’s important you are able to identify when an account takeover or wire fraud attack hits your inbox, especially when the attack appears to be coming from a trusted contract.

A reply is received from an old email conversation

The reply includes a link or an attachment that is unexpected.

A reply from a contact suddenly has a different tone

Words like “kindly,” or “warmly” are used or the tone becomes more–or less–formal than usual. Spelling or grammatical errors may also be present. A request to hurry or immediately act is stressed.

A wire or ACH transfer is suddenly requested, and instructions may be included

Another form of payment may have already been discussed in writing, or the instructions are different than usual.

The sender asks to change a standard business process that is generally known and accepted

Take immediate action

Take the time to carefully review all your emails. If you feel that an email doesn’t seem quite right, trust your instincts.

Don’t respond to the sender and engage them in any way

Remember, it’s possible that the person on the other end is a criminal.

Don’t click on any links or attachments.

Links could take you to malicious sites and attachments may contain code.

Reach out to your contact directly

Use a phone or another method to verify the change requested – in many cases they may not know their email is compromised.