For years, most businesses imagined cybercrime as a hacker breaking into a computer system.
Today, many of the biggest financial losses happen in a much quieter way.
An email arrives.
The message looks legitimate.
An employee follows instructions.
And suddenly, thousands of dollars are gone.
Fraudulent instruction scams, as these are known, are increasingly common for businesses of all sizes.
We’ve seen growing concern around these schemes because they are becoming more sophisticated, more convincing and more costly.
How These Scams Work
A fraudulent instruction scam — also known as a social engineering scam — happens when a criminal tricks a business into sending money or changing payment information based on false instructions.
Often, the scam arrives through email.
The criminal may:
- Impersonate a vendor
- Pose as a company executive
- Spoof a legitimate email address
- Gain access to a real email account and monitor conversations
The goal? Convince someone to send money to the wrong account.
Unlike traditional cyberattacks that rely on malware or system breaches, these scams rely on trust, urgency and human error.
And unfortunately, they are extremely effective.
In many cases, the scammer waits patiently in the background before making a move. They may monitor email conversations for days or even weeks, learning who approves payments, which vendors are regularly paid and how employees communicate internally.
Then, at just the right moment, the fake instructions arrive.
The email might say:
“Please note our updated ACH instructions for future payments.”
Or …
“We need this wire sent today before the deadline.”
Sometimes the email appears inside an actual ongoing conversation thread, making it look completely legitimate.
The employee believes they are handling a normal business transaction.
But the money is being routed directly to a criminal account.
Today’s scammers are also becoming far more sophisticated. They will copy company logos and signatures, use nearly identical domain names, study internal communication patterns and strike during legitimate payment cycles.
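As an added illustration that is not part of the original article, the following Python script screens an inbound message for the two signals described above: a sender domain nearly identical to a known vendor's, and the payment-change wording quoted earlier. The vendor allowlist and the sample messages are constructed assumptions for this example, not data from any real incident.

```python
from typing import Optional

# Hypothetical allowlist of vendor domains the business already pays (assumption for this example).
KNOWN_VENDOR_DOMAINS = {"acme-supply.com", "northwind-traders.com"}
# Wording that typically accompanies a change of banking details or a pressure-to-pay request.
PAYMENT_CHANGE_PHRASES = ("updated ach instructions", "new wire instructions",
                          "updated banking", "sent today", "before the deadline")

def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings; 1 or 2 between domains signals a lookalike."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(sender_domain: str) -> Optional[str]:
    """Return the known vendor domain the sender imitates; None for an exact or unrelated domain."""
    if sender_domain in KNOWN_VENDOR_DOMAINS:
        return None
    for known in KNOWN_VENDOR_DOMAINS:
        if levenshtein(sender_domain, known) <= 2:
            return known
    return None

def assess(sender: str, body: str) -> dict:
    """Decide how accounts payable should handle one inbound message."""
    domain = sender.rsplit("@", 1)[-1].lower()
    imitated = lookalike_of(domain)
    hits = [p for p in PAYMENT_CHANGE_PHRASES if p in body.lower()]
    if imitated and hits:
        action = "escalate-lookalike-domain"   # spoofed vendor asking to move money
    elif hits:
        # A genuine vendor domain may be a compromised account: confirm by phone
        # using the number already on file, never a number taken from the e-mail.
        action = "verify-by-phone"
    else:
        action = "review-sender" if imitated else "none"
    return {"domain": domain, "imitates": imitated, "phrases": hits, "action": action}

if __name__ == "__main__":
    # Constructed sample messages, not taken from any real incident.
    for sender, body in [
        ("billing@acme-suppIy.com", "Please note our updated ACH instructions for future payments."),
        ("ap@northwind-traders.com", "We need this wire sent today before the deadline."),
        ("sales@northwind-traders.com", "Attached is the Q3 catalogue."),
    ]:
        print(sender, "->", assess(sender, body)["action"])
```

A flag from this script is a trigger for the manual phone check, not a substitute for it; the message from the genuine vendor domain is still routed to verification because a real account may have been taken over.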
How Businesses Can Protect Themselves
No system is perfect. But strong internal procedures can dramatically reduce the risk of loss.
One of the most important safeguards is verifying payment changes by phone. Never rely solely on email to confirm updated banking instructions. Always call the vendor or client using a trusted phone number already on file.
Businesses should also consider requiring multiple approvals for large wire transfers and ACH payments whenever possible. A second set of eyes can help catch suspicious requests before money leaves the account.
Employee training is equally important. Staff should understand:
- How these scams work
- What suspicious requests look like
- When to slow down and verify information
Multi-factor authentication (MFA) can also add another layer of protection to email accounts and help reduce the risk of unauthorized access.
And finally, businesses should review their insurance coverage carefully.
Many business owners assume these losses are automatically covered under cyber insurance or crime policies. But coverage depends heavily on the wording of the policy and the endorsements included.
In some cases, claims may be denied because the employee technically authorized the payment — even though they were deceived.
That’s why businesses should review whether they have protections such as:
- Fraudulent Instruction/Social Engineering coverage
- Funds Transfer Fraud coverage
- Computer Fraud coverage
Fraudulent instruction scams are no longer isolated incidents. They are affecting businesses of every size and across nearly every industry.
If you’re unsure whether your policy would cover a case of fraudulent instruction, reach out and we’ll review your policy together.
It’s better to know and prepare now than scramble and pay later.