Finance for Growing Companies | Cash Flow Desk
What Is Wire Fraud?
Finance for Founders

What Is Wire Fraud?

Brian from Cash Flow Desk
Brian from Cash Flow Desk

March 25, 2026

A single fraudulent wire transfer can drain a business account in minutes, and recovering the money is almost never straightforward. Wire fraud is closely related to other ACH fraud schemes, though the mechanics and recovery options differ significantly. Finance teams that process outgoing wires regularly face a growing volume of social engineering attacks designed to exploit speed and trust.

This guide covers how wire fraud works, the most common schemes targeting businesses, how to spot warning signs before money leaves your account, and what to do if your company is targeted.

Wire fraud defined under federal law

Wire fraud is a federal offense under 18 U.S.C. § 1343 that occurs when someone uses electronic communications to deceive another party into transferring money or property. The FBI's 2024 Internet Crime Report documented $16.6 billion in cybercrime losses, with business email compromise (BEC) alone accounting for $2.77 billion across 21,000 incidents. Prosecutors must prove four elements: deliberate misrepresentation, intent to defraud, use of interstate wire communications, and intent to obtain money through deception.

Standard convictions carry up to 20 years in federal prison and fines up to $250,000. When the fraud involves a financial institution, penalties increase to 30 years and $1 million in fines. Recent prosecutions have resulted in sentences of 10 to 12 years according to DOJ wire fraud case outcomes, and courts have shown little leniency even for first-time offenders.

How wire fraud schemes target businesses

Most wire fraud follows a predictable pattern, even though the social engineering behind each attack looks different. Knowing the sequence gives finance teams a better chance of catching an attack before the transfer goes through. Each stage builds on the one before it, so stopping the chain at any point prevents the loss.

The process typically moves through four stages:

  • Target research: Criminals study organizations through LinkedIn profiles, company websites, and public filings to identify businesses that process large or frequent wire transfers.
  • Email compromise: Attackers access internal email accounts through phishing or malware, then monitor payment workflows and approval chains for weeks before acting.
  • Fraudulent request: Using compromised accounts or convincing spoofs, they craft payment requests that reference real projects and match the tone of legitimate senders.
  • Rapid fund movement: Once a transfer initiates, funds move through intermediary accounts and often convert to cryptocurrency within hours, making recovery far more difficult than with reversible methods like ACH or EFT.

This sequence is consistent across most BEC cases, so your controls should address each step. Building a checkpoint at each stage gives your finance team multiple chances to catch an attack before funds leave the account.

Common wire fraud scams

Wire fraud takes several forms, each exploiting a different gap in how companies handle payments and communications. These are the schemes that show up most often in FBI case data, and most businesses encounter at least one before putting formal controls in place.

Business email compromise

BEC is the single largest category of wire fraud losses. Criminals compromise a legitimate business email account or create a near-identical domain, then request unauthorized transfers or redirect scheduled payments. The attacks succeed because they come from trusted addresses and reference real projects. Warning signs include:

  • Banking detail changes: Unexpected requests to change vendor banking details, especially when the request arrives outside your normal vendor management process.
  • Urgency without context: Transfer requests that bypass normal approval and pressure the recipient to act before verifying.
  • Spoofed email addresses: Addresses with subtle character substitutions that pass a quick glance but fail a careful check against your contact records.

Any of these signals should trigger a verification call to a known contact number before the payment moves forward. A 60-second phone call catches the majority of BEC attempts before money moves.

Executive impersonation

Fraudsters pose as a CEO, CFO, or other senior leader and contact someone in finance with an urgent, confidential transfer request. These messages claim the funds are for a time-sensitive acquisition or legal matter and pressure the recipient to skip verification. Companies using corporate card solutions with built-in approval controls are harder to exploit because the card enforces policy before money moves.

Vendor payment fraud

This scheme is a subset of broader vendor fraud tactics. Criminals intercept vendor communications or compromise a supplier's email account, then send invoices with altered banking information. The attack is hard to catch because the email thread, project details, and invoice formatting all look legitimate, so accounts payable teams process the payment without realizing the bank account has changed. Verifying any banking change through a phone call to a known contact reduces this risk.

Account takeover and credential theft

Phishing emails that mimic IT department password reset notices give attackers direct access to banking portals and financial systems. Once inside, they initiate transfers without needing to impersonate anyone. Multi-factor authentication on every financial account blocks this entire category of attack.

Red flags that signal wire fraud

Recognizing warning signs before a transfer goes out is the strongest defense your team has. Finance staff who process payments should treat any of the following as a reason to pause and verify through a separate channel. Two or more red flags appearing together in the same request should stop the payment until your team confirms legitimacy independently.

  • Subtle email variations: Domain names with character substitutions, like replacing a lowercase "l" with the number "1," or addresses one letter off from a known vendor.
  • Artificial urgency: Language like "this needs to go out today" or "don't loop anyone else in," paired with pressure to skip your normal approval workflow.
  • Last-minute banking changes: New wire instructions arriving just before a payment deadline, with a request to update the vendor's account details.
  • Requests to bypass controls: Any message asking someone to skip dual approval, process a transfer outside normal channels, or keep the transaction confidential.

Each of these patterns tries to override your verification process through urgency, authority, or both. Training your team to spot that pressure and pause instead of act separates a successful defense from a costly loss. Quarterly walkthroughs of real BEC examples build pattern recognition that policy documents alone cannot.

How to prevent wire fraud

Prevention means building verification steps that are hard for an outside attacker to bypass, even with access to your email systems. The controls below address the most common attack vectors, and most companies can implement all five within 90 days without adding headcount.

Set up multi-factor authentication on every financial account

The FBI identifies MFA as the highest-priority defense against business email compromise. Start with executives, finance staff, and anyone with wire transfer authority in the first 30 days, then roll it out company-wide within 90 days. MFA stops the account compromises that make BEC attacks possible and adds minimal friction once your team adjusts.

Require dual approval and separation of duties

No single person should be able to both request and approve a wire transfer. For companies with fewer than 200 employees, dual approval on transfers above $5,000 is a reasonable threshold. Larger companies should add a third layer above $50,000 and separate vendor setup from payment approval so one person cannot create a new payee and send funds to that account.

Verify every payment request through a separate channel

Out-of-band verification means confirming a payment request through a channel different from the one it arrived on. If you receive a wire request by email, verify it with a phone call to a number already on file. If the request comes by phone, confirm in person or by video. This step defeats the majority of BEC attacks because the attacker controls the email thread but not your phone line.

Strengthen vendor management controls

Designate one person to manage vendor master file updates, and make sure that person does not also have payment approval authority. Banking information should appear on official vendor letterhead, verified through a phone call to a known contact. Quarterly audits of your vendor file catch dormant or suspicious entries before they become a problem.

When setting up vendor payment preferences, consider how each method handles fraud recalls. Wire transfers are nearly irreversible once funds clear, while ACH payments offer a longer recall window. Reviewing your payment mix annually helps you shift lower-risk payments to more recoverable methods.

Train your team with real attack examples

Quarterly training sessions that walk through actual BEC emails do more than any policy document. Showing your team what fraudulent emails look like in practice, including the subtle domain misspellings and urgency language, builds pattern recognition that sticks. Finance teams that have seen real examples catch social engineering attempts faster than those who have only read a checklist.

What to do if your company is targeted by wire fraud

Every hour that passes after a fraudulent wire transfer reduces the likelihood of a successful recall. Your response plan should be rehearsed before you ever need it, and the first actions after discovering a fraudulent transfer are the ones that count most. These four steps should happen within the first two hours:

  • Call your bank's fraud department immediately: Request a wire recall and provide complete transaction details, including wire reference numbers, before waiting to gather all evidence.
  • Contact the receiving bank directly: The receiving institution can freeze the account if funds have not already moved further down the chain.
  • File a complaint at ic3.gov within 24 hours: The FBI's Internet Crime Complaint Center coordinates with banks to freeze stolen funds, but the window is narrow.
  • Secure your systems: Change passwords on all email and financial accounts, check for suspicious forwarding rules, and confirm MFA is active across every account. Review your other payment channels, including understanding the dangers of eCheck, so your team locks down every method beyond wires.

After the immediate response, file a local police report for the incident number your insurance carrier will require. Notify your cyber insurance provider and preserve all evidence: full email headers, transaction screenshots, and communication records. Start building a timeline before details fade, because insurance recovery depends on documenting exactly what happened and when.

Frequently asked questions about wire fraud

What makes wire fraud different from other types of fraud?

Wire fraud carries federal jurisdiction because it involves electronic communications crossing state lines, which means penalties are significantly higher than state-level charges. A conviction can result in up to 20 years in federal prison, compared to much shorter sentences for most state fraud offenses. The federal classification also gives prosecutors access to broader investigative resources through the FBI and the Secret Service.

How quickly do you need to report wire fraud to recover funds?

Contact your bank within minutes of discovering a fraudulent transfer, not hours. Banks can initiate a wire recall, but success depends on how quickly the receiving institution releases the funds. Filing with the FBI's Internet Crime Complaint Center within 24 hours also increases the chance that law enforcement can freeze accounts before money moves offshore or converts to cryptocurrency.

Can multi-factor authentication stop wire fraud completely?

MFA prevents the account compromises that make BEC attacks possible, which addresses the largest category of wire fraud losses. It does not stop every type of wire fraud, because some attacks rely on phone-based social engineering that MFA cannot block. Combining MFA with out-of-band verification and dual approval covers multiple attack vectors.

What should a wire transfer verification policy include?

A strong policy requires out-of-band confirmation for every wire request, meaning the approval happens through a different channel than the request itself. It should specify dollar thresholds for dual and triple approval, define who has authority at each level, and require independent verification of any change to vendor banking information. The policy works best when it applies equally to all senders, including executives, so no one can override the process by citing urgency or seniority.