Team meets in conference room

Watch out for e-mail compromise fraud schemes

Banks and their customers are increasingly being victimized by e-mail compromise fraud schemes in which cybercriminals misappropriate funds via fraudulent wire transfers. According to the Financial Crimes Enforcement Network (FinCEN), there have been approximately 22,000 reported cases of e-mail compromise fraud schemes since 2013 involving $3.1 billion.

In a special Advisory to Financial Institutions, FinCEN detailed how these schemes work. Cybercriminals use social engineering or computer intrusion techniques to compromise victims’ commercial and personal e-mail accounts in order to obtain sensitive bank account information.

Once they have this information, criminals send fraudulent wire transfer instructions to the bank that look like they came from the victim. The instructions direct the bank to wire money to the criminal’s account, commonly located in an Asian bank, especially in China or Hong Kong.

The best way for banks to detect and prevent e-mail compromise fraud schemes like this is to carefully review and verify all wire transfer instructions (including out-of-bank verification) and initiate strong callback procedures. You should also consider the circumstances surrounding these instructions, the Advisory suggests.

The Advisory also listed a number of red flags that could indicate this type of fraud, such as the following:

  • Transaction instructions include a different language, timing and amount than previously verified instructions.
  • The beneficiary’s account information is slightly different from the information contained in previously verified instructions.
  • Transaction instructions contain trigger language like “Urgent,” “Secret” or “Confidential.”
  • The e-mail account from which transaction instructions originate is slightly different from a known customer’s e-mail account — for example, [email protected] instead of [email protected].
  • Transaction instructions direct that payment be made to a beneficiary the customer has no payment history or documented business relationship with.

If your bank has been victimized by an e-mail compromise fraud scheme, you can file a complaint with the FBI’s IC3 by visiting Keep in mind that you may also have Suspicious Activity Report (SAR) filing obligations.

Related sections

Data center, server
Next up

Dark Web: cybersecurity and the biggest threat facing your organization