Verify before you wire.
Wire fraud is the fastest-growing financial attack on small businesses. The fix is a 90-second phone call before the money moves.
Wire fraud is the fastest-growing financial attack on small and mid-sized companies, and it almost never involves hacking. It involves convincing one person to move money based on an email. The fix doesn't cost anything and doesn't take new software — it's a 90-second verbal callback before any wire goes out.
How the scam actually works
Attackers quietly read someone's email for days or weeks — your CFO, your title company, a trusted vendor. They watch how wires are requested, what language is used, what accounts are normal. Then, at the right moment, they send a single email with updated wire instructions. Same signature, same tone, a new account number. The money leaves, and by the time anyone notices, it's gone.
Businesses that lose six figures to wire fraud didn't lose it because they're dumb. They lost it because the email looked exactly right. The defense isn't suspicion — it's policy.
Real examples from the last quarter
“A small accounting firm received "updated wire instructions" from a long-time client right before a real estate closing.”
Red flag: The email was from the client's actual compromised mailbox — attackers had been reading it for weeks. No callback, $214,000 lost.
“A construction company's CFO got an email from the "CEO" asking for an urgent wire to a new supplier before a weekend trip.”
Red flag: Lookalike domain that swapped an 'l' for an '1'. CFO called the CEO directly — stopped the wire with 10 minutes to spare.
The two-line wire policy
Write it down, pin it to the finance team's wall: (1) any wire over a set threshold requires a verbal callback on a known number — not the one in the email. (2) any change to an existing vendor's wire instructions, at any amount, requires a verbal callback. That's it. That one habit blocks nearly every wire fraud attempt.
Want a written wire-verification policy?
We have a one-page template we hand to our clients. Reply to any of these tips and we'll send it over.
1. Write a wire-verification policy and pin it where your finance team works.
2. Require a verbal callback on any wire change, at any amount, using a phone number you already have on file.
3. Never rely on the phone number in the email — attackers often control it.
4. Set a dollar threshold that requires dual approval on outbound wires.
5. Train new finance hires on the policy during their first week.
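
The two-line policy and the checklist above, written as a pre-release check a finance workflow could run on each wire request (an added example, not part of the original page). The thresholds, the vendor record and the sample requests are constructed assumptions, and the lookalike test folds only a few common character swaps such as '1' for 'l'.

```python
from dataclasses import dataclass

# Assumed thresholds (not from the page); set your own.
CALLBACK_OVER = 10_000
DUAL_APPROVAL_OVER = 50_000

@dataclass
class Vendor:            # record from your own vendor master file
    domain: str
    account: str
    phone: str           # callback number already on file

@dataclass
class WireRequest:
    sender: str
    account: str
    amount: float
    phone_in_email: str = ""   # captured but never used for the callback

def skeleton(domain: str) -> str:
    """Fold common lookalike swaps (1->l, 0->o, rn->m, vv->w)."""
    d = domain.lower().rstrip(".").replace("rn", "m").replace("vv", "w")
    return d.translate(str.maketrans("10", "lo"))

def review(req: WireRequest, vendor: Vendor) -> dict:
    reasons = []
    sender_domain = req.sender.rsplit("@", 1)[-1].lower()
    if sender_domain != vendor.domain.lower():
        same_shape = skeleton(sender_domain) == skeleton(vendor.domain)
        reasons.append("lookalike sender domain" if same_shape
                       else "sender domain not on file")
    if req.account != vendor.account:      # rule 2: any amount
        reasons.append("wire instructions changed")
    if req.amount > CALLBACK_OVER:         # rule 1: over the threshold
        reasons.append("amount over callback threshold")
    return {"callback_required": bool(reasons),
            "callback_number": vendor.phone,   # on file, never from the email
            "dual_approval": req.amount > DUAL_APPROVAL_OVER,
            "reasons": reasons}

# Constructed sample data (reserved .example domain, placeholder values).
VENDOR = Vendor("globalsupply.example", "ACCT-001", "+1-555-0100")
CASES = {
    "compromised real mailbox": WireRequest(
        "ap@globalsupply.example", "ACCT-999", 214_000, "+1-555-0199"),
    "lookalike domain": WireRequest("ap@g1obalsupply.example", "ACCT-001", 4_000),
    "routine payment": WireRequest("ap@globalsupply.example", "ACCT-001", 2_500),
}

if __name__ == "__main__":
    for name, req in CASES.items():
        print(name, review(req, VENDOR))
```

In the compromised-mailbox case the sender domain matches the one on file, so the callback is triggered only by the changed account and the amount, which is why the policy does not depend on the email looking wrong.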