The Bank Account Switch Scam: What to Do Before and After It Happens to You
The bank account switch scam is one of the fastest-growing and most damaging forms of wire fraud and business email compromise (BEC) facing businesses today.
This payment fraud scheme typically involves a supplier—or someone impersonating your supplier—requesting that payments be sent to a new bank account. You follow the instructions, only to learn later that your actual supplier never received the funds. The money is gone, often funneled through accounts in China, Hong Kong, or other jurisdictions where recovery is difficult or impossible.
While this type of wire fraud isn't new, it has become significantly more frequent and far more sophisticated.
During COVID, our law firm saw a sharp rise in companies reaching out for help after falling victim, and the volume of these cases has only increased since. We initially started handling bank account switch matters through our work with clients making payments to overseas suppliers—especially in China, Mexico, Vietnam, India, and Thailand.
Lately, we're seeing a surge in U.S.-based cases, from real estate closings to B2B service transactions.
If your company is engaged in international trade or large domestic payments, this is a threat you cannot afford to overlook. One mistake can cost you hundreds of thousands—or even millions—of dollars.
This post explains how to spot and prevent the bank account switch scam, and—most critically—what to do if it happens to you. We also outline how legal counsel can help you recover lost funds, secure insurance coverage, and protect your business from further harm.
What Is a Wire Fraud Bank Account Switch Scam?
This BEC attack typically unfolds as follows:
- You receive an invoice from a supplier—either a new one or someone you've worked with before.
- The invoice asks you to wire funds to a bank account.
- You send the payment.
- Your supplier later says they never received payment—and they're telling the truth.
- You've unknowingly sent the money to an account controlled by a scammer, not your actual supplier.
This scheme often relies on email spoofing or account compromise. Scammers monitor communications between buyer and seller and wait for the perfect moment to insert false payment details—sometimes just minutes before a real invoice is sent.
The Wall Street Journal reports that nearly 85% of these fraudulent payments are sent to bank accounts in China or Hong Kong. These funds are notoriously difficult to trace or recover, and victims are often left scrambling to cover financial losses, repair supplier relationships, and assess internal vulnerabilities.
Industries Most Vulnerable to Wire Fraud and BEC Attacks
While no sector is immune, certain industries face elevated risks:
High-Risk Industries:
- Real Estate & Property Development: Large transactions, multiple parties, and tight closing deadlines make this sector especially vulnerable.
- Manufacturing & Import/Export: Complex supply chains with overseas vendors increase susceptibility to impersonation.
- Construction: Project-based payments to subcontractors and suppliers present numerous opportunities for interception.
- Technology & Software: High-value contracts and distributed teams make confirmation difficult.
- Healthcare: Equipment purchases, pharmaceutical imports, and facility construction all involve substantial, recurring payments.
Why These Industries Are Targeted:
- High-value transactions justify scammer investment.
- Complex payment chains with multiple intermediaries.
- Time-sensitive deadlines that encourage rushed decisions.
- Cross-border communications that complicate confirmation.
- Email-heavy correspondence that's easier to intercept.
- Less rigorous data protection in emerging market jurisdictions.
Wire Fraud Red Flags: How to Spot BEC Scam Warning Signs
Train your teams to spot early indicators of wire fraud and business email compromise. Some of the most common include:
Email Red Flags:
- Slight changes in sender addresses (e.g., supplier@company.co instead of supplier@company.com)
- Unexpected urgency ("We need this payment today or we cancel your order.")
- Generic greetings or sign-offs from contacts who usually personalize emails
- Odd grammar or phrasing in emails from fluent correspondents
- Off-hours communication from international partners
- Anything that just feels slightly off
Payment Request Red Flags:
- Sudden changes to payment instructions
- Requests to send funds to new countries
- Use of bank accounts in known fraud hotspots like Hong Kong
- Pressure to ignore normal confirmation protocols
- Claims that "our old account was compromised"
Communication Red Flags:
- Abrupt switch from calls to email-only correspondence
- Avoidance of verbal confirmation
- "Confidential" requests to handle payment changes discreetly
- Repeated follow-ups asking whether the payment has gone through
- Changes to signature blocks or contact details
How to Prevent Wire Fraud and Bank Account Switch Scams
Prevention begins with strong internal protocols and supplier-side controls. Here's what you can do:
Conduct Supplier Due Diligence
Check business license information, bank details, and email addresses. Confirm account changes by calling a known landline or direct number—not one included in the email you're checking.
Implement Payment Safeguards
- Always confirm bank account changes by phone.
- Use a test wire for a small amount before large transfers.
- Avoid wiring to offshore accounts unless confirmed; mainland Chinese accounts are often more secure than those in Hong Kong or elsewhere.
Monitor Bank Transfers Daily
Actively review outgoing wires—especially large ones—each day. If detected early, a wire can sometimes be reversed or frozen.
- Strengthen Internal Controls
- Require dual authorization for all high-value wires.
- Use confirmation checklists that include prior bank records.
- Train employees to escalate any inconsistency—no matter how small.
- Emphasize that fraud prevention is everyone's responsibility.
- Strengthen Your Contracts
- Incorporate bank account confirmation procedures and fraud notification duties into your contracts. Require written confirmation through pre-established channels for any payment changes.
Get the Right Insurance
Consider cybercrime or fraud insurance that specifically covers wire fraud and social engineering attacks. Most of the general commercial (CGL) policies our lawyers have seen capped this coverage at $100,000 or less.
Wire Fraud Response: What to Do After a BEC Attack
Even with robust protections, fraud can still happen. If it does, timing and process are everything.
1. Try to Recall the Wire
Contact your bank immediately to recall the funds. The earlier this is done, the better your odds of success.
2. Retain a Forensic IT Team—Through Legal Counsel
Bring in digital forensic experts to determine:
- How the fraud occurred (e.g., spoofing vs. account compromise)Whether the breach occurred on your side or your supplier's Important: Have your attorney retain the forensic team. This helps preserve attorney–client privilege and allows you to control disclosure of any damaging findings.
3. Review Your Insurance
An experienced attorney can help you:
- Assess whether your policy covers this type of fraud
- Document and frame your claim in the most favorable light
- Meet deadlines—some insurers require notice within days
4. Handle Supplier Communications Strategically
Regardless of fault, this is now a sensitive issue between you and your supplier. An experienced legal team can help
- Negotiate cost-sharing if the supplier's system was breache
- Avoid adversarial accusations that risk future business
- Coordinate claims with the supplier's insurer
- Engage banks to freeze or trace funds
- Maintain or unwind the relationship with minimal damage
- Preserve your rights against any parties that may share liability
Wire Fraud Recovery Case Studies: How Companies Recovered Stolen Funds
We've guided many international and domestic companies through these crises. Here are a few examples (with identifiers changed to maintain anonymity) that illustrate what's possible:
1. Electronics Firm Recovers $580,000
A U.S. electronics company received what appeared to be a routine payment request from their primary Chinese manufacturerThe email looked identical to previous communications, complete with the supplier's standard email signature and logo.
However, one character in the email domain was different: an uppercase "I" had been replaced with a lower case "l". Can you even see the difference?
Anyway, the electronics company wired $580,000 for a component order. When they didn't receive shipping confirmation after three days, they called their supplier directly. The supplier knew nothing about the order and had never sent the payment request.
They contacted us within six hours of discovering the fraud — not kidding! Working with both the sending bank in the U.S. and the receiving bank in Hong Kong, we (our lawyers, the client and the various banks) were able to freeze and eventually recover the funds.
2. Textile Importer Recovers $280,000 via Insurance
A textile importer received an urgent email from what appeared to be their Vietnamese supplier, claiming their factory's bank account had been "temporarily frozen by authorities" and requesting immediate payment to an alternative Hong Kong account to avoid production delays.
Under pressure to meet a critical shipment deadline, the company sent the $280,000 wire without phone confirmation. The fraud was discovered when the real supplier called asking about overdue payment.
We brought in a forensic investigation team whose findings revealed the scammer had monitored email communications for weeks, timing the fake request perfectly with the company's payment schedule. We then helped the company prepare a comprehensive insurance claim, documenting the attack's sophisticated nature. While the insurer paid the full policy limit, it's important to note that few companies have coverage sufficient for a claim of this magnitude. Most lack a dedicated cybercrime policy or a cybercrime rider exceeding $100,000 on their business insurance.
3. Manufacturing Company Avoids $850,000 Loss Through Quick Action
A manufacturing company's accounting manager received payment instructions for three outstanding invoices totaling approximately $700,000. The email came from the company's established Mexican supplier but requested payment to a new account in Hong Kong, citing "banking efficiency improvements."
Something felt off to the accounting manager, who had worked with this supplier for two years. She called the supplier's main number and learned they had sent no such request. The real invoices were still pending payment to the original Mexican account.
The company brought in an outside IT team that identified the breach point and helped coordinate system security improvements. No funds were lost, and the supplier relationship went unblemished through the collaborative response.
4. Construction Products Firm Uncovers Internal Fraud Ring
Here are a few polished options for that case study, with varying degrees of conciseness and emphasis:
Option 1 (Concise and Direct):
An American construction products company noticed an unusual pattern: within a two-week period, payment instructions for multiple suppliers changed, all requesting wires to accounts in Hong Kong. The company had already sent $320,000 across three transactions before becoming suspicious.
A forensic IT investigation revealed no hack, but strongly indicated an overseas employee had been selling payment information to the fraudsters. This employee had access to accounts payable systems and was providing detailed invoice timing and amounts to external conspirators.
We guided the client through the legal implications, including potential criminal referral procedures and employment law considerations.
The company recovered $100,000 through insurance and implemented comprehensive internal controls, including segregation of duties and enhanced monitoring systems. The suspect employee was terminated, and his reaction to the termination only heightened suspicion.
Final Thoughts
The bank account switch scam strikes at the heart of any business relationship: trust around payment. And once a fraudulent wire is sent, the consequences can be swift and devastating.
But with the right response—legal, operational, and technical—you can:
- Maximize your chance of recovering funds
- Limit business disruption
- Prevent reputational damage
- Put safeguards in place for the future
If you remember nothing else, please remember the following:
- Never wire money based solely on an email
- Always confirm changes through trusted channels
- Act immediately if something seems off
And If you've fallen victim to a bank switch scam—or suspect something isn't right—time is critical. Taking the right legal and forensic steps early can significantly impact your recovery options and help protect your business relationships.
The Bank Account Switch Scam: What To Do Before And After It Happens To You
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
