Email Based Funds Transfer Frauds

by John Bandler

Email based funds transfer frauds is my name for a pernicious and pervasive cybercrime whThree Priority Cybercrime Threats 2023-7 (4) Email fraudere the criminals use email to divert payments and steal money.

Names for this fraud include:

  • Business email compromise (BEC)
  • CEO fraud, CFO fraud, CxO fraud, and more
  • Email based funds transfer frauds

This is one of three priority cybercrime threats that all individuals and organizations should be aware of (the other two top threats are data breaches and ransomware).

Read this if nothing else

  • Cybercriminals compromise email accounts and misroute bank wires. Protect yourself.
  • Secure your email accounts properly (strong unique passwords and two factor authentication)
  • Confirm all payment instructions verbally (phone call)
  • Confirm changes to payment instructions verbally.

Funds transfer frauds in a nutshell

Simply put, this fraud is when cybercriminals use email messages to divert and steal money. Cybercriminals impersonate others, either by compromising ("hacking") email accounts, or by establishing new similar looking email accounts, or through a combination of both. Then they send emails to trick recipients into wiring funds into the criminal's hands, instead of where they were intended to go. This is an example of criminal "social engineering" (con-artistry) and can result in massive theft that is difficult to solve.

The funds may not go directly into the criminal's hands. These cybercriminals may enlist "money mules", either unwitting or knowing accomplices who receive the initial payment and then forward it along.

It is a devastating crime that has victimized many people and businesses. For individuals, it has stolen their life savings, causing stress and feelings of helplessness. For businesses, it can put them at risk of failure, lead to legal and other consequences, and requires time and expense to address.

Want more detail on how this happens? See link below to my other page.

Prevention of email based cybercrimes

First, here are ways we can prevent this crime:

All of us, individuals, businesses, etc.:

  • Secure email accounts with strong passwords and two-factor authentication. My articles and cybersecurity book have details, so do links below.
  • Don't become a money mule. Know who you are doing business with, know your client, customer, business partners, know where the money is coming from and going to.
  • Verbally confirm any funds transfer instructions, or changes to those instructions. Do not rely upon emailed instructions.
  • Businesses should develop and improve their cybersecurity program.


  • Warn customers about this fraud before they send funds. Ask the customer: "Did you speak by phone with the person who sent you these wire instructions?" Tell the customer "There is a rampant fraud called business email compromise. Please read John Bandler's article on the subject." (Or, the bank could write their own summary of the fraud).
  • Detect, shut down, and don't forward funds relating to "money mule" accounts. Money mule accounts receive fraudulently induced wires, then forward them out of the country.
  • Investigate, warn, try to recover the funds as if they were your own

Attorneys: As above. Secure your email accounts, warn clients about this fraud, advise clients to verbally confirm any funds transfer instructions. (See my attorney CLE materials).

Real estate agents and others: Ditto.

All organizations that receive, forward, or send payment instructions. Ditto.

Law enforcement:

  • Work more of these cybercrime investigations, follow the money, indict, apprehend, and extradite those profiting from it.
  • Provide victims with a seamless reporting process for cybercrime, and promptly investigate and follow up on these reports.
  • If government investigates and deters these crimes, it helps prevent them (more in a second).

After this crime has occurred, work fast to try recover funds, or stop them before they leave this country.

  • Call the FBI, local police, report to the FBI's IC3 website. Be politely persistent. Ask the FBI to stop the wired funds from going any further (the wire fraud "kill chain").
  • Call your bank, ask them to stop and trace the funds. Ask them to confirm they are in contact with law enforcement.
  • Consider hiring someone to help you.

Investigate these crimes

Equally important is properly investigating these crimes. That is a job for both law enforcement and the private sector. See my article linked to below with more details on how these crimes happen.

Consider the perspective of the victim. Many victims of this crime simply want the money back, and are initially less interested in how it happened, where the money went, and various details of the crime. However, obtaining relevant facts helps the victim make informed decisions about legal options and what path to take. The facts could help with recovery of the funds, or shed light on whether a third party (someone other than the cybercriminal) might bear some responsibility for the theft. In sum important legal decisions should not be made until relevant facts are known.

Law enforcement presents another important perspective. It is their job to investigate these crimes and hopefully catch some of the offenders. Only when criminals believe there is a chance of being brought to justice can we have some deterrence. To maximize scarce resources, law enforcement needs good cooperation from the private sector.

Clues are in the details

The details of these cybercrimes are fascinating to me. I believe learning and understanding the facts are the first step before deciding upon future actions. The era of cybersecurity negligence lawsuits are upon us, but still in their infancy and evolving.

Identifying and catching the cybercriminal would be great.

Among the various victims, whether any of them were negligent or not depends upon the facts and surrounding circumstances, and I believe it is best to learn facts before contemplating litigation. If you have a strong case, this can help negotiations, and you might be able to resolve the matter without any expensive litigation. If you have a weak case, you can save yourself years of stress and the expense of an unnecessary lawsuit.

Good cybersecurity helps prevent cybercrime

How does an organization (or individual) protect against these email based scams that try steal these wired funds? Knowledge and awareness are essential and constitute my first pillar of cybersecurity. All organizations should have a procedure to deal with funds transfer instructions. All of this should be part of a broader plan to attain and exceed "reasonable security". I recommend following (my) Bandler's Four Pillars of Cybersecurity, having a cybersecurity policy, an incident response plan, following them, and seeking continual improvement.

Cybercriminals are always evolving and prevention is always better than the cure. Better to avoid the problem than deal with the aftermath. Cybersecurity is important for all of us, our families, and our professional lives. My first book (Cybersecurity for the Home and Office) is comprehensive and can help you understand technology, the privacy and cybercrime threats, and how to secure yourself and your business.  My second book (Cybercrime Investigations) is focused on investigating after the crime, but still, incident response starts with planning before any incident occurs.


Every individual and organization could be victimized by this crime. Knowledge can prevent it.

This is a brief summary with many simplifications, attempting to bring complex subject matter to all readers in an understandable and accessible manner. It is not legal advice nor consulting advice, and is not tailored to your circumstances.

If your organization needs help improving cybersecurity, creating or improving your policies, complying with cybersecurity related laws and regulations, contact me. Good policies are an important part of cybersecurity, along with Bandler's Four Pillars of Cybersecurity.  Sometimes individuals need help with cybersecurity and investigations too.

Additional reading

This article is hosted at and is about a priority cybercrime threat.

This article is also available on at (though perhaps not kept as current).

Originally posted here February 2019 based on my 2017 Huffington Post article. Updated 8/3/2023.