It starts with an email that looks… normal.

“Hey—our banking info has changed. Please send payment to the updated account.”

No urgency. No red flags. Sometimes even comes from a real vendor’s email.

And that’s the problem.

The Mistake

Small businesses often:

• Update payment info based on email alone

• Skip verification to “save time”

• Trust existing vendor relationships too quickly

What Actually Happens

This is called Business Email Compromise (BEC).

Fraudsters:

• Gain access to a vendor’s email

• Monitor communication patterns

• Insert themselves at the perfect moment

• Redirect payments to their account

Once the money is sent—it’s rarely recovered.

Why It Works

Because it doesn’t feel like fraud.

It feels like business as usual.

How to Fix It (Immediately)

Create one rule:

No payment detail changes without verbal verification

Call the vendor using a known number—not the one in the email.

Also:

• Require dual approval for payment changes

• Flag any “urgent” payment shifts

• Train your team to question normal-looking requests

The Real Lesson

Fraud doesn’t break your systems.

It blends into them.

CTA:
Follow Inkplots for practical fraud prevention that actually fits your day-to-day.

Sources:

• Federal Bureau of Investigation – BEC Public Service Announcement
  → https://www.ic3.gov/Media/Y2023/PSA230504

• Department of Justice – BEC Case Prosecutions
  → https://www.justice.gov/criminal-fraud/business-email-compromise

• Cybersecurity and Infrastructure Security Agency – BEC Guidance
  → https://www.cisa.gov/news-events/news/business-email-compromise