Three People Sent the Same Wire Transfer Instructions. One Was a Fraudster.
Quote from chief_editor on June 14, 2026, 5:30 pmBusiness email compromise targeting commodity trade payment instructions is a documented fraud category. The payment that was sent correctly matched fraudulent instructions.
A commodity trader purchasing copper concentrate from a Chilean producer had established a payment routine: wire transfers sent to the producer's Chilean account based on instructions received by email from the seller's finance team. The relationship had run for 18 months. Payment instructions came from a known email address and had been consistent throughout.
For the March shipment — a payment of $1.85 million — an email arrived from an address that appeared identical to the seller's finance team's address. The email contained updated bank details: a new account number in the same country, with a note explaining that the producer had changed banks and providing updated wire instructions. The email was professionally worded, included the correct invoice reference numbers, and was not identified as suspicious by the trader's standard email review.
The trader's accounts payable team sent $1.85 million to the new account. The account was controlled by a fraud operation. By the time the seller's actual finance team contacted the trader asking about the overdue March payment — three days later — the funds had been moved through multiple accounts and were unrecoverable.
The email address used by the fraudster had used a domain name one character different from the seller's actual domain — a substitution so subtle that standard email reading did not detect it. The email had been constructed with enough genuine detail — invoice numbers, contract references, amounts — to suggest the fraudster had access to the commercial correspondence between the buyer and seller.
Business Email Compromise in Commodity Trade Is Documented, Targeted, and Expensive
Business email compromise — BEC — fraud targeting commodity payment instructions is a specifically identified fraud category in FBI, Interpol, and cybersecurity firm reporting. The fraud targets the payment authorization step in commercial transactions: the moment when a buyer receives wire transfer instructions and sends funds. By intercepting or spoofing communications at this step, fraudsters can divert large payments that were legitimately owed.
Commodity trades are high-value targets because individual payments are large — typically six to eight figures in major commodity trades — and because the payment authorization process often involves relatively routine email-based communication without strong authentication. A buyer who has sent 20 payments to the same seller over 18 months will find the 21st payment routine. Routine processes attract reduced scrutiny.
The tactics used in BEC fraud targeting commodity trades include: domain spoofing (a domain that looks like the legitimate company's domain with minor character changes), account compromise (accessing the legitimate seller's email to send payment instruction updates from within the actual account), and man-in-the-middle interception (positioning fraudulently in the communication stream between buyer and seller). The last two are more sophisticated but also more convincing because the source email is genuine.
Industry estimates for BEC fraud losses in international commodity and trade finance transactions suggest that annual losses run into billions of dollars globally, with individual incidents in commodity trade commonly ranging from several hundred thousand to several million dollars. Recovery rates for wire transfer fraud are low — once funds have been moved through multiple accounts, international recovery through legal and banking channels is difficult and rarely complete.
The Authentication Controls That Prevent This
The specific control that would have prevented the $1.85 million payment from being made to the fraudulent account is a payment instruction authentication protocol: a requirement that any new or changed payment instructions be verified through a second, independent channel before being acted upon. In practice, this means calling the seller's finance contact at a previously known phone number — not a phone number provided in the new instructions — and confirming verbally that the payment instruction change is genuine.
This verification adds one phone call to the payment process. For a $1.85 million payment, the cost of that call is immeasurable against the risk. The call would have taken three minutes. The seller's finance team would have immediately denied sending new bank details. The fraud would have been stopped.
Payment authentication protocols for first-time instruction changes — requiring voice verification through independently confirmed contact details — are now standard recommendations from cybersecurity firms and banking institutions that advise on BEC fraud prevention. They are not yet universal in commodity trade operations, where payment processes were built around email efficiency and trust in established relationships rather than around the fraud patterns that have developed as commercial email has become a primary business communication channel.
Business email compromise targeting commodity trade payment instructions is a documented fraud category. The payment that was sent correctly matched fraudulent instructions.
A commodity trader purchasing copper concentrate from a Chilean producer had established a payment routine: wire transfers sent to the producer's Chilean account based on instructions received by email from the seller's finance team. The relationship had run for 18 months. Payment instructions came from a known email address and had been consistent throughout.
For the March shipment — a payment of $1.85 million — an email arrived from an address that appeared identical to the seller's finance team's address. The email contained updated bank details: a new account number in the same country, with a note explaining that the producer had changed banks and providing updated wire instructions. The email was professionally worded, included the correct invoice reference numbers, and was not identified as suspicious by the trader's standard email review.
The trader's accounts payable team sent $1.85 million to the new account. The account was controlled by a fraud operation. By the time the seller's actual finance team contacted the trader asking about the overdue March payment — three days later — the funds had been moved through multiple accounts and were unrecoverable.
The email address used by the fraudster had used a domain name one character different from the seller's actual domain — a substitution so subtle that standard email reading did not detect it. The email had been constructed with enough genuine detail — invoice numbers, contract references, amounts — to suggest the fraudster had access to the commercial correspondence between the buyer and seller.
Business Email Compromise in Commodity Trade Is Documented, Targeted, and Expensive
Business email compromise — BEC — fraud targeting commodity payment instructions is a specifically identified fraud category in FBI, Interpol, and cybersecurity firm reporting. The fraud targets the payment authorization step in commercial transactions: the moment when a buyer receives wire transfer instructions and sends funds. By intercepting or spoofing communications at this step, fraudsters can divert large payments that were legitimately owed.
Commodity trades are high-value targets because individual payments are large — typically six to eight figures in major commodity trades — and because the payment authorization process often involves relatively routine email-based communication without strong authentication. A buyer who has sent 20 payments to the same seller over 18 months will find the 21st payment routine. Routine processes attract reduced scrutiny.
The tactics used in BEC fraud targeting commodity trades include: domain spoofing (a domain that looks like the legitimate company's domain with minor character changes), account compromise (accessing the legitimate seller's email to send payment instruction updates from within the actual account), and man-in-the-middle interception (positioning fraudulently in the communication stream between buyer and seller). The last two are more sophisticated but also more convincing because the source email is genuine.
Industry estimates for BEC fraud losses in international commodity and trade finance transactions suggest that annual losses run into billions of dollars globally, with individual incidents in commodity trade commonly ranging from several hundred thousand to several million dollars. Recovery rates for wire transfer fraud are low — once funds have been moved through multiple accounts, international recovery through legal and banking channels is difficult and rarely complete.
The Authentication Controls That Prevent This
The specific control that would have prevented the $1.85 million payment from being made to the fraudulent account is a payment instruction authentication protocol: a requirement that any new or changed payment instructions be verified through a second, independent channel before being acted upon. In practice, this means calling the seller's finance contact at a previously known phone number — not a phone number provided in the new instructions — and confirming verbally that the payment instruction change is genuine.
This verification adds one phone call to the payment process. For a $1.85 million payment, the cost of that call is immeasurable against the risk. The call would have taken three minutes. The seller's finance team would have immediately denied sending new bank details. The fraud would have been stopped.
Payment authentication protocols for first-time instruction changes — requiring voice verification through independently confirmed contact details — are now standard recommendations from cybersecurity firms and banking institutions that advise on BEC fraud prevention. They are not yet universal in commodity trade operations, where payment processes were built around email efficiency and trust in established relationships rather than around the fraud patterns that have developed as commercial email has become a primary business communication channel.