Case Study: Invoice Fraud via Compromised Corporate Email
This case highlights a classic but highly effective invoice redirection scam, made possible by weak email security controls.
A shipping company entered into a legitimate transport contract through an established chain of brokers and intermediaries. All communication was conducted via corporate email accounts.
Unbeknownst to the company, attackers gained unauthorized access to internal email accounts through phishing. The compromised mailboxes were not protected by two-factor authentication, and passwords were stolen or otherwise compromised.
Once inside, the fraudsters:
- Set up hidden email rules to automatically intercept and conceal incoming messages from counterparties
- Monitored invoice traffic in real time
- Manipulated email headers to impersonate trusted partners
- Sent a fake “revised invoice” with altered bank details while keeping the original invoice amount unchanged
Because the invoice looked legitimate and came through an expected communication channel, the payment was executed without raising suspicion.
Only days later, when the legitimate counterparty reported non-payment and refused to perform under the contract, the fraud was discovered. By that time:
- The funds had already been transferred out of the recipient bank
- The account used had been opened online and was allegedly used solely for money laundering
- Law enforcement was unable to proceed due to lack of identifiable account holder information
As a result, the victim company suffered a double loss: they had to pay the legitimate invoice again to continue operations, while the fraudulent payment remained unrecovered.
Key Takeaways
- Corporate email accounts without 2FA are a critical vulnerability
- Invoice fraud often involves no changes to amounts or wording, only bank details
- Fraudsters actively hide correspondence to delay detection
- Email trust chains (brokers, agents, intermediaries) increase risk
- Recovery chances drop dramatically once funds are moved across jurisdictions
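The hidden mailbox rules described in this case can be caught by reviewing exported inbox rules. The following is an added example, not part of the original case study: the export field names, domains, folder list and sample rules are all constructed assumptions. The check for forwarding outside the organisation goes slightly beyond what the case describes.

```python
"""Audit exported inbox rules for ones that hide counterparty or invoice mail."""

# Assumptions (all hypothetical): export field names, domains, keywords, folder list.
COUNTERPARTY_DOMAINS = {"broker.example", "carrier.example"}
OWN_DOMAIN = "shipper.example"
FINANCE_WORDS = {"invoice", "payment", "bank", "remittance"}
HIDING_FOLDERS = {"rss feeds", "archive", "deleted items", "junk email"}

# Constructed sample data, not taken from the case.
SAMPLE_RULES = [
    {"mailbox": "accounts@shipper.example", "name": ".",
     "from_contains": ["@broker.example"], "move_to": "RSS Feeds", "mark_read": True},
    {"mailbox": "accounts@shipper.example", "name": "Newsletters",
     "from_contains": ["news@vendor-news.example"], "move_to": "Newsletters"},
    {"mailbox": "ops@shipper.example", "name": "fwd",
     "subject_contains": ["Invoice", "payment"], "forward_to": ["box@mail.example"]},
]

def domain_of(address):
    """Return the lower-cased domain part of an address or '@domain' pattern."""
    return address.lower().rsplit("@", 1)[-1]

def rule_findings(rule):
    """Return the reasons a single rule deserves manual review (empty if none)."""
    findings = []
    targets_partner = any(domain_of(s) in COUNTERPARTY_DOMAINS
                          for s in rule.get("from_contains", []))
    finance = any(word in kw.lower()
                  for kw in rule.get("subject_contains", []) for word in FINANCE_WORDS)
    # A rule conceals mail if it deletes it, marks it read, or files it out of sight.
    hides = (rule.get("delete", False) or rule.get("mark_read", False)
             or (rule.get("move_to") or "").lower() in HIDING_FOLDERS)
    if hides and (targets_partner or finance):
        findings.append("conceals counterparty or invoice mail")
    external = [a for a in rule.get("forward_to", []) if domain_of(a) != OWN_DOMAIN]
    if external:
        findings.append("forwards mail outside the organisation: " + ", ".join(external))
    return findings

def audit(rules):
    """Return (mailbox, rule name, findings) for every rule with at least one finding."""
    report = [(r["mailbox"], r["name"], rule_findings(r)) for r in rules]
    return [entry for entry in report if entry[2]]

if __name__ == "__main__":
    for mailbox, name, findings in audit(SAMPLE_RULES):
        print(f"{mailbox}: rule {name!r}: {'; '.join(findings)}")
```

A rule that neither targets counterparties nor finance keywords, such as the "Newsletters" sample, is left out of the report so reviewers see only the rules worth opening.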
This case demonstrates that email security is not an IT issue — it is a financial risk issue. One compromised mailbox can lead to losses measured in hundreds of thousands, even when all counterparties are legitimate.
