Business Email Compromise: How NC Companies Lose Millions to Wire Fraud


Business Email Compromise (BEC) is a sophisticated scam where attackers impersonate executives, vendors, or trusted partners via email to trick employees into wiring money or sharing sensitive data. In 2024, BEC caused $2.77 billion in losses across 21,442 reported incidents nationally, making it the second-costliest form of cybercrime behind investment fraud.

Key takeaway: According to the FBI's 2024 IC3 Annual Report, Business Email Compromise losses totaled $2.77 billion in 2024, with cumulative losses exceeding $17.1 billion over the past decade - a 1,025% increase since 2015. For North Carolina manufacturers and construction companies handling large wire transfers, BEC represents an existential financial threat.

Protect your NC business from BEC attacks. Preferred Data Corporation provides comprehensive email security solutions including advanced threat protection, employee training, and verification procedures. BBB A+ rated with 37+ years of experience. Call (336) 886-3282 or schedule a security assessment.

How Business Email Compromise Works

BEC is not a simple phishing attack. It is a carefully researched, targeted operation that exploits trust relationships within organizations:

Step 1: Reconnaissance

Attackers research your company using:

  • LinkedIn to identify executives, accounting staff, and key contacts
  • Company website for organizational structure
  • Social media for travel schedules and business activities
  • Public records for vendor relationships and real estate transactions
  • Dark web for previously compromised credentials

Step 2: Account Compromise or Impersonation

Two primary approaches:

Email Account Takeover: Attackers gain access to a legitimate email account through phishing, credential stuffing, or malware. Emails then come from the real account, bypassing most security filters.

Domain Impersonation: Attackers create lookalike domains (pdcsoftware.co vs. pdcsoftware.com) or use display name spoofing to appear as legitimate senders without actually compromising any account.

Step 3: The Attack

Attackers wait for the right moment - a CEO on vacation, a large transaction in progress, or a vendor payment cycle - then send targeted emails requesting urgent action.

Step 4: Extraction

Funds are wired to attacker-controlled accounts and quickly laundered through cryptocurrency, international transfers, or money mules. According to the FBI IC3, fraudulent transfers are sent to banks in the United Kingdom, Hong Kong, China, Mexico, and the UAE.

Common BEC Attack Types

1. CEO Fraud (Executive Impersonation)

How it works: The attacker poses as the CEO or CFO and emails the accounting department requesting an urgent wire transfer.

Example targeting a High Point manufacturer:

From: John Smith (CEO) [email protected]
To: Accounting Department
Subject: Urgent Wire Transfer - Confidential

I need you to process a wire transfer of $87,000 to complete an acquisition we are working on. This is time-sensitive and confidential. Please process today and confirm. I am in meetings all day - do not call, just email.

Red flags: Urgency, secrecy, request not to verify by phone, unfamiliar payment details.

2. Vendor/Supplier Impersonation

How it works: Attacker compromises or impersonates a vendor's email, sends updated bank account information for future payments.

Example targeting a Greensboro construction company:

From: AP Department [email protected] (compromised account)
Subject: Updated Banking Information

Please note our bank has changed. All future payments should be directed to: [fraudulent account details]. Please update your records for our next payment cycle.

Red flags: Banking changes requested by email only, no phone verification, request arriving shortly before a large scheduled payment.

3. Invoice Manipulation

How it works: Attacker intercepts legitimate invoices (through email compromise) and modifies bank account details before the invoice reaches the paying company.

Example targeting a Charlotte real estate transaction: An attacker monitors email conversations between a closing attorney and buyer, then sends modified wire instructions for the closing funds at the critical moment.

Red flags: Last-minute changes to payment details, discrepancies in formatting, different reply-to address.

4. Payroll Diversion

How it works: Attacker impersonates an employee and requests HR/payroll to change direct deposit information.

Red flags: Request via email only (no in-person verification), urgency, new bank different from employee's history.

5. Data Theft (W-2/Tax Fraud)

How it works: Attacker impersonates CEO or HR director, requests employee W-2 forms or personal information.

Red flags: Unusual request for bulk personal data, tax season timing, urgency.

The Financial Impact

According to the FBI IC3 2024 report and Nacha's analysis:

  • 2024 BEC losses: $2.77 billion across 21,442 incidents
  • Average loss per incident: $129,000
  • Last 3 years combined: Nearly $8.5 billion in BEC losses
  • Last decade cumulative: $17.1 billion since initial tracking in 2015
  • Reported in: All 50 states and 186 countries
  • Recovery rate: The FBI's Recovery Asset Team achieves a 66% success rate in freezing fraudulent transfers

For NC manufacturers processing large purchase orders and construction companies managing significant project payments, a single BEC attack can eliminate an entire year's profit.

Key takeaway: According to Proofpoint research, email-based attacks were responsible for nearly 83% of all cybercrime losses reported to IC3 in 2024. BEC is not a rare, exotic threat - it is the most financially damaging form of cybercrime affecting American businesses.

Prevention Controls for NC Businesses

Technical Controls

1. Email Authentication (DMARC, SPF, DKIM)

These protocols verify that emails actually come from the domains they claim:

  • SPF (Sender Policy Framework): Specifies which servers can send email for your domain
  • DKIM (DomainKeys Identified Mail): Adds cryptographic signatures to verify email integrity
  • DMARC (Domain-based Message Authentication): Tells receiving servers how to handle authentication failures

Implementing all three protects your domain from being spoofed in attacks that target your customers and vendors.
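As an added example (not code from the original article or from Preferred Data Corporation), the following Python grades a domain's published DMARC and SPF records the way the checklist below and the DMARC FAQ describe: DMARC must exist and enforce (p=quarantine or p=reject at pct=100, with reporting), and SPF must end in a fail mechanism. The TXT records are a constructed lookup table so it runs offline; in production the same functions would be fed real DNS answers.

```python
# Constructed TXT answers standing in for DNS lookups (assumed, not real records).
DNS_TXT = {
    "_dmarc.pdcsoftware.com": "v=DMARC1; p=none; rua=mailto:dmarc@pdcsoftware.com",
    "pdcsoftware.com": "v=spf1 include:spf.mailhost.example ~all",
    "_dmarc.hardened.example": "v=DMARC1; p=reject; pct=100; sp=reject; rua=mailto:dmarc@hardened.example",
    "hardened.example": "v=spf1 ip4:203.0.113.0/24 -all",
}

def parse_dmarc(record: str) -> dict:
    """Split 'v=DMARC1; p=reject; pct=100' into lower-cased tag -> value."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip().lower()
    return tags

def dmarc_findings(record: str = "") -> list[str]:
    """Weaknesses a receiver would see in the DMARC record; empty if enforced."""
    if not record.lower().startswith("v=dmarc1"):
        return ["no DMARC record: anyone can send mail that appears to be from you"]
    t, findings = parse_dmarc(record), []
    policy = t.get("p", "missing")
    if policy not in ("quarantine", "reject"):
        findings.append(f"p={policy}: not an enforcement policy (quarantine/reject)")
    pct = t.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        findings.append(f"pct={pct}: policy applied to only part of failing mail")
    if "rua" not in t:
        findings.append("no rua= address: you receive no aggregate reports")
    if policy in ("quarantine", "reject") and t.get("sp", policy) not in ("quarantine", "reject"):
        findings.append(f"sp={t['sp']} leaves subdomains unenforced")
    return findings

def spf_findings(record: str = "") -> list[str]:
    """Check the terminal 'all' mechanism, which decides how unlisted senders fare."""
    if not record.lower().startswith("v=spf1"):
        return ["no SPF record published"]
    final = record.lower().split()[-1]
    if final in ("+all", "all", "?all"):
        return [f"SPF ends in {final}: any server passes SPF for your domain"]
    if final == "~all":
        return ["SPF ends in ~all (softfail): a scoring hint only unless DMARC enforces"]
    if final != "-all":
        return ["SPF has no terminal 'all': unlisted senders get a neutral result"]
    return []

def assess_domain(domain: str, txt: dict = DNS_TXT) -> list[str]:
    """Combine DMARC and SPF findings for one domain; [] means both are enforced."""
    return dmarc_findings(txt.get(f"_dmarc.{domain}", "")) + spf_findings(txt.get(domain, ""))
```

Running assess_domain("pdcsoftware.com") on the constructed records reports the monitor-only p=none policy and the softfail SPF, while hardened.example comes back clean.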

2. Advanced Threat Protection

  • AI-powered email scanning that detects impersonation attempts
  • Behavioral analysis identifying unusual communication patterns
  • Real-time link and attachment analysis
  • Internal email monitoring for compromised accounts
  • Display name impersonation detection
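As an added example (not code from the original article or from Preferred Data Corporation), the following Python flags the header-level red flags this article describes: an executive's display name on an outside address, a lookalike sender domain such as pdcsoftware.co standing in for pdcsoftware.com, and a Reply-To that differs from the From address. The corporate domain, executive roster and sample message are constructed assumptions, and the lookalike check generalizes the article's TLD-swap case to any single-character typo or common glyph swap.

```python
import re
from email import message_from_string
from email.utils import parseaddr

CORP_DOMAIN = "pdcsoftware.com"  # assumed corporate domain
EXECUTIVES = {"john smith"}      # assumed executive roster, lower-case

def _edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insertions, deletions, substitutions)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def is_lookalike(domain: str, legit: str = CORP_DOMAIN) -> bool:
    """Not our domain, but one typo or a common glyph swap away from it."""
    d = domain.lower()
    if not d or d == legit:
        return False
    d = d.replace("rn", "m").replace("vv", "w").replace("0", "o")  # glyph swaps
    return d == legit or _edit_distance(d, legit) <= 1

def bec_red_flags(raw_message: str) -> list[str]:
    """Return the header red flags found in one RFC 5322 message."""
    msg = message_from_string(raw_message)
    name, sender = parseaddr(msg.get("From", ""))
    sender_domain = sender.rsplit("@", 1)[-1].lower() if "@" in sender else ""
    bare_name = re.sub(r"\(.*?\)", "", name).strip().lower()  # drop "(CEO)"
    flags = []
    if bare_name in EXECUTIVES and sender_domain != CORP_DOMAIN:
        flags.append(f"executive name '{name}' on outside address {sender}")
    if is_lookalike(sender_domain):
        flags.append(f"lookalike sender domain {sender_domain}")
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and reply_to.lower() != sender.lower():
        flags.append(f"Reply-To {reply_to} differs from From {sender}")
    return flags

# Constructed sample modelled on the article's CEO-fraud example.
SAMPLE = """\
From: "John Smith (CEO)" <john.smith@pdcsoftware.co>
Reply-To: <jsmith.ceo@mail.example>
Subject: Urgent Wire Transfer - Confidential

Please process today. I am in meetings all day - do not call, just email.
"""
```

bec_red_flags(SAMPLE) raises all three flags for the constructed message, and returns an empty list for a genuine message from john.smith@pdcsoftware.com with no Reply-To.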

3. Multi-Factor Authentication

MFA on all email accounts prevents credential-based account takeover:

  • Blocks 99.9% of automated account compromise attempts
  • Required for all users, especially executives and finance staff
  • Hardware security keys for highest-risk accounts (CFO, controller)

4. Conditional Access Policies

  • Block email access from unusual locations
  • Require additional verification for new devices
  • Alert on sign-ins from suspicious IP addresses
  • Restrict email forwarding rules (attackers often set forwarding)

Process Controls

5. Payment Verification Procedures

Implement mandatory verification for all wire transfers and payment changes:

  • [ ] Two-person approval for wires above $5,000
  • [ ] Phone verification of any banking change (using known numbers, not numbers from the email)
  • [ ] 24-48 hour cooling period for new vendor payment instructions
  • [ ] Separate authorization channel for high-value transactions
  • [ ] Written authorization for international transfers
  • [ ] Callback to known contact before processing changes

6. Vendor Verification Protocol

For vendors requesting banking changes:

  1. Call the vendor at a known phone number (not the one in the email)
  2. Verify the request with a known contact person
  3. Confirm the new bank details match the vendor's country and business type
  4. Document the verification in your records
  5. Send a small test payment before transferring large amounts

7. Executive Travel Protocols

When executives are traveling (a common BEC trigger):

  • Pre-authorize any expected large transactions before travel
  • Establish clear communication channels for urgent requests
  • Define who has authority to approve payments in an executive's absence
  • Communicate that email-only wire approvals are never valid

Human Controls

8. Security Awareness Training

Regular training specific to BEC scenarios:

  • Monthly simulated BEC attacks targeting finance staff
  • Quarterly training updates on new BEC techniques
  • Annual comprehensive security awareness program
  • Immediate training after any near-miss incident

Learn more about security awareness training for your workforce.

9. Culture of Verification

Build an environment where employees feel empowered to:

  • Question unusual payment requests regardless of sender's seniority
  • Verify requests by phone without fear of appearing distrustful
  • Report suspicious emails immediately
  • Slow down urgent requests for proper verification
  • Escalate concerns without retaliation

What to Do If You Are a Victim

If your NC business falls victim to a BEC attack:

Immediately (within hours):

  1. Contact your bank and request a wire recall
  2. File a complaint with the FBI IC3
  3. Contact local FBI field office (Charlotte: 704-672-6100)
  4. Report to local law enforcement
  5. Notify your cyber insurance carrier

Within 24 hours:

  6. Engage an incident response team to investigate the email compromise
  7. Reset all potentially compromised credentials
  8. Review email forwarding rules for unauthorized changes
  9. Notify affected business partners
  10. Document everything for the insurance claim

The FBI's Financial Fraud Kill Chain can sometimes freeze and recover funds. In 2024, the FBI froze over $561.6 million in BEC-related fraudulent transfers. Speed is critical - contact the FBI within 24 hours for the best chance of recovery.

Industry-Specific BEC Risks in NC

Manufacturing

  • Large purchase order payments to overseas suppliers
  • Raw material procurement across multiple vendors
  • Equipment purchases with significant wire transfers
  • Payroll processing for large workforces in High Point and Greensboro plants

Construction

  • Progress payments on large projects ($100K-$1M+)
  • Subcontractor payments across multiple parties
  • Real estate closing transactions
  • Equipment rental and purchase payments
  • Multiple project managers handling their own vendor relationships

Real Estate

  • Closing fund wire transfers
  • Earnest money deposits
  • Title company impersonation
  • Attorney trust account targeting

Need comprehensive BEC protection for your NC business? Preferred Data Corporation implements multi-layered email security including technical controls, verification procedures, and employee training. Call (336) 886-3282 or request an email security assessment.

Measuring Your BEC Risk

High-Risk Indicators

  • [ ] No MFA on executive email accounts
  • [ ] No DMARC policy configured (or set to "none")
  • [ ] No formal wire transfer verification procedures
  • [ ] Finance staff not trained on BEC recognition
  • [ ] No email forwarding rule monitoring
  • [ ] Frequent large wire transfers ($25K+)
  • [ ] International vendor payments
  • [ ] Recent executive travel or public visibility
  • [ ] Company information easily found online (org chart, etc.)

If you checked 3 or more items, your Piedmont Triad, Charlotte, or Raleigh business is at elevated BEC risk.

Frequently Asked Questions

How common is Business Email Compromise for small businesses?

BEC affects organizations of all sizes. The FBI IC3 received 21,442 BEC complaints in 2024, with average losses of $129,000 per incident. Small businesses are increasingly targeted because they often lack the technical controls and verification procedures of larger organizations. NC manufacturers and contractors handling regular wire transfers are particularly vulnerable.

Can email security software alone prevent BEC?

No. While advanced email security tools detect many impersonation attempts, BEC attacks increasingly use compromised legitimate accounts that bypass technical filters. A comprehensive approach combining technology (DMARC, advanced threat protection, MFA), process (verification procedures), and people (security awareness training) is required for effective BEC prevention.

What is DMARC and do I need it?

DMARC (Domain-based Message Authentication, Reporting, and Conformance) is an email authentication protocol that prevents attackers from sending emails that appear to come from your domain. Every NC business should implement DMARC at enforcement level ("reject" or "quarantine"). Without DMARC, attackers can freely impersonate your company to target your customers and vendors.

How quickly can stolen wire transfers be recovered?

Speed is critical. The FBI's Recovery Asset Team achieves a 66% success rate when notified quickly, freezing over $561.6 million in 2024. Contact your bank immediately for a wire recall, then file an IC3 complaint and contact the FBI within 24 hours. After 48-72 hours, funds are typically laundered and unrecoverable.

Should my company have a separate wire transfer approval process?

Absolutely. Implement dual authorization for all wire transfers above a defined threshold ($5,000-$10,000). Require out-of-band verification (phone call to a known number) for any changes to payment instructions. This simple process control prevents the majority of BEC losses and costs nothing to implement.

Do Not Become a Statistic

Business Email Compromise is the costliest cybercrime affecting American businesses, and North Carolina companies are not immune. The combination of sophisticated social engineering, large financial transactions in manufacturing and construction, and insufficient verification procedures creates a perfect target environment.

Preferred Data Corporation - High Point, NC | 37+ years serving North Carolina businesses | BBB A+ rated
