BEC wire transfer fraud is responsible for 86% of all business email compromise losses — $2.6 billion of the $3,046,598,558 reported to the FBI’s IC3 in 2025. Criminals deliberately target wire transfers because they settle fast, are difficult to reverse, and look exactly like legitimate business payments. This guide explains how BEC wire transfer fraud works and how to respond if funds have already moved.
If you’ve just sent a fraudulent wire transfer, skip to “How to Recover a Fraudulent Wire Transfer” below. Every minute matters.
BEC generated $3,046,598,558 in losses in 2025, and 86% of those losses moved through wire transfer or ACH — a design choice by criminals who understand how business payments work. (FBI IC3 2025 Annual Report)
What Is BEC Wire Transfer Fraud?
BEC wire transfer fraud is a cybercrime in which attackers impersonate trusted parties via email to manipulate an authorized employee into initiating a wire transfer to a fraudulent account. It exploits trust in email communication — not weaknesses in banking systems.
Why Do Criminals Use Wire Transfers for BEC?
Wire transfers are preferred because they settle quickly, are extremely difficult to reverse, and are a standard business payment method that does not immediately raise suspicion.
- Speed: Funds settle in real time or within hours — often before the victim realizes what happened
- Irreversibility: Unlike credit card transactions, completed wire transfers have very limited reversal options
- Legitimacy: Businesses wire money constantly — attackers design BEC around mechanisms that feel ordinary
86% of BEC losses in 2025 moved via wire transfer or ACH (FBI IC3 2025 Annual Report).
How Does a BEC Wire Transfer Attack Actually Work?
The attack follows four phases: reconnaissance, email compromise or impersonation, a carefully timed fraudulent payment request, and rapid fund movement once the wire executes.
Phase 1: Reconnaissance
Attackers research their target before sending a single message. LinkedIn, company websites, press releases, regulatory filings, and real estate records all reveal upcoming transactions, organizational hierarchies, and who holds payment authority.
Phase 2: Access or Impersonation
Criminals either compromise a legitimate email account via phishing, or create a convincing impersonation using a spoofed domain or display name manipulation that hides the actual sending address.
Phase 3: The Fraudulent Request
The request arrives at a strategic moment — during a known payment window, aligned with an expected invoice, or timed to a real transaction. The message carries urgency and requests confidentiality.
Phase 4: Fund Movement
Once the wire executes, criminals move immediately. Funds hit a mule account, are transferred out, and may be converted to cryptocurrency within hours — each step compressing the recovery window.
How to Recover a Fraudulent Wire Transfer — Step by Step
To recover a fraudulent wire transfer: (1) call your bank’s fraud department immediately, (2) file an IC3 complaint at ic3.gov, (3) preserve all email evidence without modifying anything, (4) engage a BEC investigation firm. All four steps should happen simultaneously.
- Call your bank’s wire fraud department — not general customer service. Provide the receiving bank name, routing number, account number, wire amount, and transaction reference. Request a wire recall. Ask about SWIFT gpi recall (international) or Fedwire reversal (domestic).
- File a complaint at ic3.gov immediately. The IC3 Recovery Asset Team (RAT) coordinates with financial institutions through the Financial Fraud Kill Chain (FFKC) to freeze fraudulent accounts — but only when complaints are filed quickly with complete details.
- Preserve all email evidence. Do not delete, move, or reply to communications related to the fraud. Do not change account passwords before digital evidence is preserved — you will destroy the forensic record.
- Contact a BEC investigation firm for emergency triage. Critical evidence in Microsoft 365 and Google Workspace has retention windows measured in days. Act before it’s gone.
- Notify legal counsel and your insurance carrier. Late notification can affect coverage.
- Document everything with timestamps. Every action taken, every person contacted, every piece of information provided.
Can You Get Money Back After a BEC Wire Transfer?
Recovery is possible, especially in the first 24 to 72 hours, but not guaranteed. The majority of BEC funds not intercepted within the initial window are never returned. Speed of response is the single most important factor.
Key factors: time elapsed since the wire, whether funds are still in the initial receiving account, whether the receiving bank cooperates, and whether funds have been converted to cryptocurrency.
Preventing BEC Wire Transfer Fraud: Controls That Work
The most effective controls: out-of-band verification for all wire instructions, dual authorization above a threshold, DMARC enforcement, and a culture that treats urgency as a red flag.
- Out-of-band verification: Any wire instruction arriving by email is confirmed by phone using a number from your own records — never from the email itself
- Dual authorization: Two separate individuals required to approve transfers above a defined threshold
- DMARC enforcement (p=reject): Prevents spoofed domains from reaching employee inboxes
- Vendor banking change protocol: Any request to update payment information triggers mandatory independent verification before use
- Wire limit controls: Work with your bank to establish callbacks for wires above defined amounts or to new payees
Frequently Asked Questions
What is the first thing to do after a BEC wire transfer?
Call your bank’s fraud department immediately and request a wire recall. Simultaneously file a complaint at ic3.gov. These two actions must happen at the same time — the recovery window is measured in hours.
How long do I have to recover a fraudulent wire transfer?
The practical recovery window is approximately 24 to 72 hours from when the wire was sent. After funds move from the initial receiving account, recovery probability drops significantly with each additional transfer.
What is the IC3 Recovery Asset Team?
The IC3 Recovery Asset Team (RAT) is an FBI unit that works with financial institutions to freeze fraudulent wire transfers through the Financial Fraud Kill Chain (FFKC) process. File at ic3.gov as quickly as possible with complete transaction details.
Can cryptocurrency BEC losses be recovered?
More difficult but not impossible. Blockchain analysis tools can trace transactions, and some exchanges cooperate with law enforcement requests when given timely, specific transaction data.
Will my bank refund a wire transfer that went to a BEC scam?
Banks can initiate recalls but are not legally required to refund completed wire transfers the way they handle credit card fraud. Recovery depends on whether the receiving bank still holds funds and cooperates with a recall request.
If your organization needs emergency assistance following a suspected BEC wire transfer, contact Rexxfield at rexxfield.com/bec-urgent-next-steps.
Source: FBI Internet Crime Complaint Center (IC3) 2025 Annual Report
