A local organization was recently impacted by a Business Email Compromise (BEC) scam.

“Company A” is a vendor to the victim organization. The email address for the owner of Company A was compromised. In late October 2021, while Company A’s owner was out of town, a hacker used the hacked email address to send new payment instructions to the victim.  The change request included a new EFT form containing a phone number with the one digit changed, a fake voided check, and a fake W-9. Company A was a known vendor, the email address was legitimate, and the victim ultimately changed the company payment information on file.

Several days later, the victim issued payments totaling over $300,000 to the fraudulent account. The incident is currently under investigation by the U.S. Secret Service.

To Avoid a Scam, organizations should consider the following:

  • Report the incident to authorities as soon as possible. An report may be needed for your bank to reverse a wire, and law enforcement can work with FinCEN to initiate the Financial Fraud Kill Chain.
  • Consider a policy to verify payment change instructions via information on file
  • Implement a two-signature requirement to issue checks or wire transfers
  • Train buyers and accounts payable staff on a payment change verification policy and signs of a scam
  • Talk to your bank ahead of time to confirm the process for freezing funds, cancelling checks, or reversing wire transfers – and have this written down so all staff is aware of the process

If you are the victim of a cyber attack or scam, please report it immediately. Contact information for agencies is below, or you can contact the SD-LECC to be connected to the appropriate agency.

Local law enforcement

Non-emergency number: (Find your LE agency’s number and include it in your response plan)

For life threatening emergencies: 911

Attack reporting, reporting coordination

San Diego Law Enforcement Coordination Center (SD-LECC)

[email protected]; [email protected]


Attack reporting, response team if all local resources are exhausted

California Cyber Security Integration Center (Cal-CSIC)

[email protected]; 916-636-2997

Attack reporting, response team if all local/state resources are exhausted


[email protected]; 1-888-282-0870


After incident reporting (if US-CERT not activated): https://www.us-cert.gov/report

Attack reporting, criminal investigations


[email protected]; 858-320-1800


After incident reporting (if FBI Cyber not already investigating): https://www.ic3.gov

Attack reporting, financial fraud investigations

U.S. Secret Service

[email protected]; 619-557-5640