How Email-Based Payment Diversion Fraud Happens — And How Organizations Can Prevent It

How Email-Based Payment Diversion Fraud Happens — And How Organizations Can Prevent It

By Alena Forensic Advisory

In recent years, one of the most damaging and increasingly common forms of financial fraud is email-based payment diversion, often referred to as Business Email Compromise (BEC).

This scheme targets organizations during legitimate transactions and redirects funds to fraudulent accounts—often without immediate detection.

High-profile cases involving individuals such as Ramon Olorunwa Abbas have highlighted how sophisticated and globally coordinated these schemes can be.

What Is Email-Based Payment Diversion Fraud?

This type of fraud occurs when criminals intercept or impersonate legitimate email communication and manipulate payment instructions—typically by changing bank account details.

The result:
Funds intended for a legitimate recipient are diverted to fraudulent accounts controlled by the perpetrators.

How the Scheme Works

These schemes are rarely random. They are planned, patient, and highly targeted.

1. Gaining Access to Email Systems

Fraudsters gain access through:

  • phishing emails
  • compromised passwords
  • weak email security

Once inside, they do not act immediately.

Instead, they monitor communications over time, studying:

  • payment cycles
  • client relationships
  • invoice patterns

This allows them to act at the most opportune moment.

2. Observing Legitimate Transactions

The attackers wait until:

  • a large payment is due
  • an invoice is issued
  • a transaction is being finalized

They understand the timing, tone, and structure of communication.

3. Inserting Themselves Into the Transaction

At the critical moment, they intervene by:

  • sending an email that appears legitimate
  • slightly altering the sender’s email address
  • or using the actual compromised account

They then communicate:

“Please note our bank account details have changed. Kindly use the updated account for this payment.”

4. Diverting Funds

Because the request appears legitimate:

  • finance teams process the payment
  • verification is often skipped due to urgency or familiarity

Funds are transferred to fraudulent accounts, often moved quickly across multiple jurisdictions.

In one documented case, a law firm transferred over $900,000 after receiving altered payment instructions that appeared authentic.

Why This Fraud Is So Effective

This scheme succeeds because it exploits:

1. Trust in Email Communication

Employees receive similar emails daily and may not question minor changes.

2. Process Familiarity

The request appears consistent with normal business activity.

3. Lack of Verification Controls

Many organizations do not independently verify changes to payment details.

4. Urgency and Timing

Fraudsters often act when:

  • payments are expected
  • teams are under pressure
  • processes are fast-moving

Common Red Flags

Organizations should be alert to:

  • sudden changes in bank account details
  • requests for urgent payment updates
  • minor variations in email addresses
  • unusual tone or formatting in communication
  • reluctance to confirm changes via other channels

How Organizations Can Prevent This Fraud

Prevention is not complex—but it requires discipline and structure.

1. Enforce Independent Verification

Any request to change bank details should be verified through:

  • a known phone number
  • direct contact with the vendor
  • a separate communication channel

Never rely solely on email confirmation.

2. Strengthen Email Security

Implement:

  • multi-factor authentication (MFA)
  • strong password policies
  • email monitoring tools

This reduces the risk of account compromise.

3. Segregate Financial Responsibilities

Ensure that:

  • no single individual controls the full payment process
  • approvals are required for payment changes

4. Introduce Payment Change Protocols

Formalize a process:

  • document all changes
  • require dual approval
  • log verification steps

5. Train Employees Regularly

Employees should be aware of:

  • how these scams work
  • what red flags to look for
  • how to respond to suspicious requests

Awareness significantly reduces risk.

6. Monitor Transactions

Regularly review:

  • unusual payments
  • new vendor accounts
  • changes in payment patterns

Early detection can reduce losses.

Why This Matters

Email-based payment diversion fraud is not a technical issue—it is a governance and control issue.

Organizations that rely heavily on trust-based processes without verification are particularly vulnerable.

The financial and reputational impact can be significant, especially where large transactions are involved.

Conclusion

Email-based payment diversion is one of the most sophisticated and damaging fraud schemes affecting organizations today. It succeeds not because systems are entirely weak, but because small gaps in controls are exploited with precision.

Strong verification processes, improved awareness, and structured internal controls are essential to protecting organizational funds.

About Alena Forensic Advisory

Alena Forensic Advisory provides forensic accounting, financial investigation, and fraud risk advisory services. We support organizations, legal teams, and insurers in analyzing financial records, identifying irregularities, and delivering evidence-based financial insights to support informed decision-making.

Back to blog