This page describes a real fraud type affecting SWIFT wire transfer users. If you believe you have been targeted, do not send money and contact your bank immediately. Verify any SWIFT payment free using the UETR tracker at the bottom of this page.
Business Email Compromise (BEC) Wire Fraud
Business Email Compromise (BEC) — also called CEO fraud, invoice redirection fraud, or mandate fraud — is the costliest form of cyber-enabled fraud worldwide, accounting for over $10 billion in annual losses. Fraudsters compromise or impersonate a company's email system, then instruct the finance team to send a SWIFT wire to a new bank account controlled by the criminal. The money is usually moved overseas within hours.
How This Fraud Works
The fraudster either hacks a genuine email account (e.g. a supplier's CFO or your CEO), or creates a lookalike domain (e.g. supplier.co vs supplier.com) to impersonate a trusted contact.
They monitor email traffic to understand payment patterns, outstanding invoices, supplier relationships and senior personnel.
At the right moment (often just before a large payment is due), they send an instruction to change the bank account details for a payment or instruct an urgent, confidential wire.
The finance team, trusting the email from a known party, executes the SWIFT wire to the criminal's account.
The funds are moved immediately to a secondary account overseas, often converted to cryptocurrency.
Red Flags — Warning Signs
A sudden request to change supplier or payroll bank account details, especially by email only.
An urgent, "confidential" instruction from a senior executive to wire money to a new account.
The sender's email address is very slightly different from the usual one (e.g. john@supplier-corp.co vs john@suppliercorp.co).
The instruction arrives on a Friday afternoon or just before a bank holiday, creating time pressure.
The new bank account is in a different country or currency from the usual arrangement.
Requests to bypass the normal payment approval process.
The "executive" is unreachable by phone for confirmation.
How to Verify Before Acting
ALWAYS call the requester back on a known, pre-existing phone number (not a number provided in the suspicious email) to verbally confirm any change to payment details.
Check the exact sending email address carefully — hover over the sender name to reveal the true address.
Apply a dual-authorisation rule for all SWIFT wires above a threshold (e.g. £5,000).
If a wire was already sent, immediately call your bank and provide the UETR — some BEC recalls succeed if acted on within hours.
Track the UETR on Ohmyfin to see if the funds are still in the correspondent banking chain (faster recall possible) or already credited (harder to recover).
What To Do If You Are Targeted
If you discover the fraud before the wire settles: call your bank's international payments team immediately with the UETR — request an urgent recall.
Report to law enforcement: Action Fraud (UK), IC3 (US FBI), Europol (EU).
Contact the receiving bank directly (use the BIC to identify them) and report the account as fraudulent.
Engage a cybersecurity firm to assess how the email account was compromised.
Review and strengthen your payment approval controls.
Verify Any SWIFT Payment — Free in 30 Seconds
Paste the 36-character UETR from any MT103 or payment confirmation. If the payment is real, Ohmyfin shows the live SWIFT GPI status. If it's fake, it shows "not found". Free for individuals.
BEC is a fraud where criminals impersonate a trusted party (executive, supplier, lawyer) via email to redirect a SWIFT wire to a criminal account. It's the #1 fraud type by financial loss globally, per FBI IC3 data.
Can a recalled BEC SWIFT wire be recovered?
Sometimes, if you act within hours. The SWIFT recall mechanism (MT n92 / camt.056) can stop a payment that has not yet been credited to the beneficiary account. Track the UETR on Ohmyfin first — if status is ACSP (in transit), an urgent recall has the best chance. ACSC means already credited — recovery then depends on the beneficiary bank and law enforcement.
How do I know which bank received the fraudulent wire?
The UETR on the payment confirmation (or from your bank's statement) will show you the beneficiary bank's BIC on Ohmyfin. You can then contact that bank directly to freeze the account.
Is BEC covered by cyber insurance?
Many cyber insurance policies cover BEC losses, but coverage depends on whether the insured followed required controls (e.g. callback verification). Review your policy and report the claim immediately.
How do I prevent BEC attacks?
Key controls: (1) Mandatory voice callback to a known number before any payment account change. (2) Dual approval for all international wires. (3) Email filtering and DMARC/SPF/DKIM authentication. (4) Staff training on phishing and social engineering.