How One Business Nearly Lost $300,000 to Email Fraud

Worried man at laptop with hands on his face, overwhelmed by a financial issue.

A local business was in the middle of a major remodel. Payments to their contractor had gone smoothly until one email changed everything.

The message looked identical to previous ones from the construction company and appeared in the same email thread.

That email nearly cost the business $300,000.

How the Fraud Happened

Every major payment has a paper trail, and scammers know how to follow it. In this case, the local business and the contractor had a long-standing relationship that enabled the fraud.

Hackers gained access to the construction company’s email system, likely through a phishing email or a compromised password. Once inside, they reviewed ongoing conversations, invoices, and signatures.

When they saw a $300,000 payment coming due, they waited for the perfect moment. Then they sent a message from the contractor’s real email account with “updated payment instructions.”

The new account details looked legitimate, and the message used the same logo, email thread, and tone that the business recognized. Nothing appeared different than any other email.

How the Fraud Was Caught

Fraud rarely looks obvious in the moment. What saved this business was timing, awareness, and quick cooperation between banks.

The Red Flag

Another bank identified the check as suspicious because the deposit account was brand new and matched specific fraud indicators. They contacted FSB immediately to verify the transaction.

FSB’s business banking team reached out to the business to confirm. The business believed the payment was valid, but to be sure, they called the construction company directly using the number on file.

That call uncovered the problem; the contractor had not changed its bank information. The email was fake, and the payment went to a fraudulent account.

Why the Check Saved the Payment

The scammers wanted a wire or ACH transfer, both of which move money instantly and leave little chance for reversal. The business mailed a paper check instead, and that decision made all the difference.

Because a physical check clears more slowly, the bank was able to stop the transaction before withdrawal. FSB worked alongside them to ensure the funds were returned to the business in full.

What This Scam Reveals

Fraud like this is part of a larger pattern called Business Email Compromise (BEC). It relies on patience and credibility, not fear or urgency.

How Business Email Compromise Works

Criminals hack into legitimate email accounts and monitor conversations for weeks or months. They study writing styles, file names, and timing of payments. When they find a large upcoming transaction, they send a message that looks completely genuine.

The success of the scam depends on familiarity. The victim sees a known contact, recognizes the email thread, and follows instructions without second-guessing.

Warning Signs to Watch

  • Sudden changes to banking or mailing information

  • Slightly different email domains or addresses

  • Urgent or confidential tone in a familiar thread

  • Payment instructions that skip the usual approval process

Even one of these signs should pause any payment until it’s verified by phone.

The Hard Lesson

The business did what any organization would do: follow directions from a trusted partner. Yet trust alone does not confirm legitimacy.

A quick verification call would have stopped the fraud before it began. Instead, it required hours of coordination between two banks to recover the funds.

How FSB and the Business Prevented Future Fraud

This incident became a turning point for both organizations. They took immediate action to strengthen controls and educate their teams.

FSB’s Response

Once FSB confirmed the fraud, our business banking and treasury teams coordinated with the other bank to freeze the funds. The recovery was successful, and the business's money was returned.

FSB then worked directly with the business and the construction company to evaluate payment procedures and recommend improvements.

Stronger Internal Controls Implemented

Both parties adopted new practices to reduce future risk:

  • Verified contact lists for vendor communication

  • Dual approval for large transactions

  • Secure file-sharing tools instead of emailed invoices

  • Limited authority for initiating payments

These safeguards are now part of their standard process for every project.

How to Apply the Same Protection

Any organization can apply these lessons immediately:

  • Enable multi-factor authentication for all email accounts

  • Confirm all payment changes verbally with trusted contacts

  • Require two-person approval for high-value transactions

  • Keep a secure, updated list of vendor phone numbers

  • Review account activity regularly with your banker

Why Nonprofits Are Common Targets

Nonprofits and small businesses are often more exposed because they rely on email for most communication and have fewer staff members reviewing payments. Criminals know this and design their scams accordingly. 

A single realistic email can appear trustworthy enough to bypass scrutiny when workloads are high and oversight is limited.

FSB’s Commitment to Prevention

FSB teams are trained to question unusual activity and verify large payments. Our local communication and fast escalation process caught this issue before the loss became permanent.

That same vigilance protects hundreds of Iowa businesses and nonprofits every year.

Looking to review your current process, strengthen your defenses, or get support if something doesn’t feel right? Reach out to FSB's Treasury Management team to get started!

Key Takeaways
1

Fraudsters monitor business conversations, hack legitimate email accounts, and wait for payment activity.

2

Payment changes must always be verified by phone using a number from your records, not any number listed in an email.

3

Wire transfers and ACH payments are irreversible, while checks sometimes allow a chance to recover funds.

4

Nonprofits and small businesses are common targets because payment approval processes are often informal.

Cathy Ehnen - Fraud Prevention Expert at Farmers State Bank (Marion, IA)

Written by

Cathy Ehnen

Since starting at FSB in 1990, Cathy has built a wealth of experience, spending over two decades in Retail Operations before joining the Fraud Department in 2016.

She regularly attends fraud prevention seminars and maintains strong connections with local financial institutions and law enforcement. Cathy serves as FSB's first line of defense in fraud prevention and is committed to safeguarding customers and the bank.

Questions about fraud? Contact Cathy today!

Call: 319-730-6970
Email: CathyEhnen@fsbmail.net

Related Articles

Two professionals reviewing documents closely with a magnifying glass and calculator.

How Verification Prevented Loss

Learn how one business avoided a $17,000 payment scam.

See How Verification Helps


Frustrated small business owner after falling victim to Business Email Compromise fraud

Stop Business Email Scams Early

Learn how to protect your business from email fraud.

Prevent Business Email Compromise


Man in a suit taking a serious phone call in a bright office.

Spotting Fraud Business Calls

Learn how scammers impersonate vendors and how to verify every call.

Learn How to Identify Fake Calls