Wire and ACH Fraud: What You Need to Know to Protect Yourself

Wire transfers and Automated Clearing House (ACH) origination are vital components of modern banking, facilitating quick and efficient fund transfers. However, they can also present significant fraud risks.

Cybercriminals continuously devise new ways to exploit these payment methods since they’re almost immediate and difficult to reverse, making it crucial for individuals and businesses to understand the threats and adopt preventive measures.

What Are Wire and ACH Transactions?

Wire Transfers

Wire transfers are electronic funds transfers that allow individuals and businesses to send money quickly, often within the same day. These transactions are typically irreversible, making them an attractive target for fraudsters.

ACH Transfers

ACH transfers are electronic payments processed in batches, commonly used for payroll, direct deposits, bill payments, and vendor transactions. While generally more secure than wire transfers, ACH transactions can still be vulnerable to fraud if proper safeguards are not in place.

Why Are These Transactions Important?

Wire and ACH transactions are crucial to financial operations, enabling seamless payments for businesses and individuals alike. They facilitate payroll processing, supplier payments, and consumer transactions, making them essential for today’s digital-focused environment. Their speed and convenience make them popular choices for legitimate financial transactions—but also prime targets for fraud.

Why Criminals Target Wire and ACH Transactions

Speed and Irreversibility

Wire transfers are often processed within hours, making it difficult to recover funds once they are sent. Criminals exploit this by quickly moving stolen funds to offshore accounts or converting them into untraceable assets.

High Transaction Volumes

Businesses process large numbers of ACH and wire payments daily, creating opportunities for fraud to go unnoticed amidst legitimate transactions.

Social Engineering Opportunities

Many fraud schemes rely on human error, such as tricking employees into authorizing fake payments. Criminals use phishing, impersonation, and other deceptive tactics to manipulate victims into transferring funds.

Common Wire and ACH Scams

1. Business Email Compromise (BEC)

BEC scams involve fraudsters impersonating company executives or vendors through email to trick employees into sending unauthorized wire or ACH payments. These emails often appear legitimate, sometimes using hacked or spoofed addresses.

What to Watch For:

• Urgent requests for payment outside normal procedures
• Changes to vendor payment details without prior notice
• Emails with subtle domain changes

Example Situation: A finance manager at a manufacturing company receives an urgent email from an individual claiming to be the CEO. The email looks to be legitimate in that the layout, signature, and email address are almost identical to previous emails sent by the CEO. The email instructs the finance manager to wire $100,000 for a last-minute deal. By the time this email is discovered to be fraudulent, the funds have already been transferred to an overseas account, losing any chance at recovering the stolen funds.

2. Family Emergency Scams

Criminals pretend to be relatives, often grandchildren, claiming to be in trouble abroad. They may involve accidents, hospitalizations, theft, or legal issues, and often work in pairs. They can use online information and AI to clone voices, or pretend to be a doctor, lawyer or police, making the scam seem real.

What to Watch For:

• Phone calls with a sense of urgency asking for money due to an emergency.
• Two voices on the line - one party pretending to be the relative, and another party pretending to be the doctor, lawyer, police, etc.  
• A request to keep it quiet, in hopes their scam will not be uncovered.

Example Situation: A grandfather receives a call from a young man who claims to be and sounds identical to his grandson Jack. Jack (who’s really not Jack) is a little frantic and says he’s in a lot of trouble, needing money for bail. He asks the grandfather to not tell his parents because he will be in even more trouble. The grandfather wired the money, then called Jack to ensure he received the funds. (The real) Jack answered and was completely unaware of the entire situation. He had never been in any trouble.

3. Vendor Impersonation Fraud (Fake Invoice Scams)

Fraudsters pose as legitimate vendors and send fake invoices with altered bank details, leading businesses to unknowingly transfer funds to fraudulent accounts.

What to Watch For:

• Unusual changes in payment instructions
• Requests to update payment details via email
• Mismatched company details or invoice formatting errors

Example Situation: A mid-sized car dealership receives an invoice from a regular vendor requesting payment to a new bank account. Without verifying the change, the company transferred $100,000, to discover later the vendor had never changed its banking details. Again, by the time the crime is realized, the money is unable to be recovered.

4. Account Takeover Fraud

Cybercriminals gain access to business or personal bank accounts through phishing, malware, or credential theft, allowing them to initiate unauthorized wire or ACH transfers.

What to Watch For:

• Unexpected login attempts or password reset notifications
• Unrecognized transactions or payee details
• Emails or calls requesting sensitive login credentials

Example Situation: A small-business owner clicks on an email appearing to be from their bank, explaining there is message from their bank regarding fraud. The email contains a link to log into their bank account. After clicking the link, a webpage appears which looks almost identical to their bank’s login page. The small-business owner enters their login information into the log into their account. The scammer has now collected the login information to the small-business owner’s account and used those credentials to wire $40,000 to an unknown recipient before the fraud was detected.

CHECK OUT THESE TIPS TO PROTECT YOUR FINANCIAL INFORMATION FROM CYBERCRIMINALS

5. Payroll Diversion Scams

Fraudsters target payroll departments, impersonating employees to request changes to direct deposit information, redirecting salaries to fraudulent accounts.

What to Watch For:

• Sudden direct deposit changes, especially via email
• Requests that bypass normal HR verification procedures
• Emails with grammatical errors or unfamiliar language

Example Situation: A payroll manager for an electric company receives an email requestion a direct deposit update. The request appeared legitimate but was later discovered that the email had been hacked by a cybercriminal. The next paycheck was deposited into the fraudster’s account.

6. Real Estate Settlement Scams

Criminals compromise the email accounts of attorneys, settlement companies, title agencies, or real estate companies.  From there, they monitor communications and when settlements are imminent, they will send updated wiring instructions, with everything about the transaction being accurate, except the payment instructions now direct the funds to an account controlled by the criminal or one of their accomplices. These complex scams make it tough for victims to catch on to since they appear legitimate. Always verify payment requests before completing transactions with information you already have.

What to Watch For:

• Payment instructions that differ from previously discussed arrangements
• Emails with grammatical errors or unfamiliar language

Example Situation: A family who is preparing to go to settlement on a new vacation home receives an email requesting wire instructions and payment information to complete the settlement. The email comes from a valid email address, the timing is relevant to the expected timeline, and everything appears legitimate. Because the buyer is usually very careful when handling large financial transactions, he called to verify the transaction, finding out it was fraudulent, and he had saved his family thousands of dollars.

7. Fake Check Scams

Work-from-home scams use email, text, social media and online marketplaces to entice individuals with remote job opportunities that many times sound too good to be true. Checks received for these "jobs" are often counterfeit and will bounce, leaving you responsible for any funds sent to others.

What to Watch For:

• Job offers that sound too good to be true
• Businesses that ask for payment in gift cards
• Requests to cash checks from people you don’t know

Example Situation: A lady receives a text from an unfamiliar number claiming to be a popular grocery store chain advertising a part-time remote work opportunity with great pay and a $100 signing bonus. The lady has two young children and thinks this is exactly what she needs.  She responds and is sent a signing bonus for $1000. When reporting the discrepancy to her new employer, she is asked to wire the difference. After the $900 has been wired, the original $1000 check bounces, leaving the lady responsible for the fraudulent check.

How to Prevent Wire and ACH Fraud

1. Implement Strong Verification Procedures

Always verify wire transfer and ACH payment requests through a secondary channel, such as a phone call to a known contact at the requesting company.

2. Use Multi-Factor Authentication (MFA)

Require MFA for all banking transactions and system logins to add an extra layer of security against unauthorized access.

3. Monitor Account Activity Regularly

Set up real-time alerts for outgoing transactions and review account statements frequently to spot any suspicious activity.

STEPS TO TAKE AFTER SUSPICIOUS ACTIVITY APPEARS ON YOUR ACCOUNT

4. Train Employees on Fraud Awareness

Regularly educate employees on recognizing fraud tactics and phishing attempts to prevent accidental compliance with fraudulent requests.

5. Establish Payment Approval Controls

Use dual authorization for high-value transactions, ensuring that no single individual has full control over wire or ACH payments.

Wire and ACH fraud can have devastating financial consequences, but awareness and proactive measures can significantly reduce the risk. By staying vigilant, implementing security best practices, and fostering a culture of fraud awareness, businesses and individuals can protect their assets from cybercriminals. Remember, always verify before you send, and when in doubt, question the legitimacy of any unusual payment request.

Continue reading for a brief overview of other types of fraud and examples to give you insight into how these criminals work, or check out this article to learn how fraudsters are using current events to scam unsuspecting individuals:

CURRENT EVENT SCAMS

Other Types of Fraud to Be Aware of:

Identity Theft: Criminals steal personal Information to commit fraud or open fraudulent accounts.

Example: A man receives a phone call claiming to be a detective. The detective claims the man is under investigation for a serious crime. He asks for the man to verify his identity by providing him with his birthdate and social security number. Scared and caught by surprise, the man provides his information to the caller, providing the scammer with the sensitive information he needed to open credit cards, take out loans, and so much more.

Card Skimming:  Skimming involves placing a hidden device on ATMs or point-of-sale machines to steal card information.

Example: A lady filled her car up with gas by paying at the pump with her debit card. While inserting her card into the pump, she didn’t notice anything to be out of the ordinary. Two days later, she noticed unauthorized charges appear on her account.

Overpayment/Selling/Buying Scams: A fraudster offers to pay more than asking price or seems overly eager to close a sale. These scammers may overpay and ask you to send the excess back, leaving you responsible when the check bounces.

Example: A college student decides to sell their car using social media before returning to school in the fall in hopes of keeping the profits for tuition. The student gets an offer for $1,000 more than asking price from an unfamiliar social media account. The student wanted to put the extra $1,000 toward his debt. The student agrees and after the transaction is notified by the bank that the check had bounced. The student had to pay for the total bounced check and still had their tuition bill due.

Romance Scams:  Fraudsters facilitating fake relationships aim to get their online dates emotionally involved to extract money or personal information. These scams can last weeks or months and will take advantage of vulnerabilities.

Example: A man using a popular online dating app has been involved in an online relationship with a girl he met in the app. It’s been over a month when she tells him she is late on her electric bill. He offers to pay for it and wires her the money. She then proceeds to coerce the man into sending more and more money over a longer period of time.

Sweepstake, Lottery Winnings and Online Loan Scams: Victims receive an email, text, or other notification saying they’ve won a sweepstakes or lottery but ask for advance payments in order to receive their funds or prize. Similarly, some fraudsters pose as lenders asking for fees up front before approval.

Example: YOU’VE WON! A lady receives a text saying she’s won a free iPad. They then ask the lady to pay a setup fee to receive her prize. The lady paid it, losing her money and never receiving a prize.

Impersonations Scams: Fraudsters impersonate agencies like the IRS, Social Security, Medicare, courts, and toll agencies such as EZPass. They claim you owe fees, need to update payment info, or missed jury duty. Many times, payment is requested via gift card, bitcoin, or money order. Sometimes fraudulent payments can be made online to cloned agency webpages as well.

Example: A text from who appears to be EZPass comes through stating there’s an overdue bill with a link to pay that bill. After clicking the link, the page appears to be legitimate and asks for payment and account information. The transaction is then completed and the fraudster has stollen the money and account information to try and commit more fraud.

For updates on financial security information and further tips on how to avoid financial security threats, visit our Security Tips page:

SECURITY TIPS