BEWARE IMPERSONATION SCAMS! Be sure that you are interacting with us. We e-mail exclusively from the domain @dilendorf.com
service banner image

Business Email Compromise & Wire Fraud

Logo0
Logo1
Logo2
Logo4
Logo5
Logo6
Logo7
Logo8
Logo9
Logo10
Logo11
Logo12
Logo13
Logo14
Logo15
Logo16
Logo17
Logo18
Logo19
Logo20
Logo21
Logo22
Logo23
Logo24
Logo25
Logo26
Logo27
Logo28
Logo29
Logo30
Logo31
Logo32
Logo33
Logo34
Logo35
Logo36
Logo37
Logo38
Logo39
Logo40
Max Dilendorf, Esq. Max Dilendorf, Esq.

212.457.9797  |  max@dilendorf.com

We represent businesses, family offices, and individuals whose funds were stolen through fraudulent wire transfers.

An attacker compromises an email account, watches for weeks, then forges a wire instruction at the perfect moment. Within hours, the funds are gone.

What’s left is a legal question — which institution in the chain failed, and what claims will recover the loss.

Contact us at info@dilendorf.com or 212.457.9797 for a confidential consultation.

Family Office AdvisoryCrypto, EB-5 & Gold Card VisasDigital Asset Holding Companies & Crypto FoundationsCrypto Special Purpose Trusts for Digital Assets
Asset Protection & Cross-Border StructuringCrypto, EB-5 & Gold Card VisasFamily Limited PartnershipsAsset ProtectionSwiss Banking for U.S. ClientsAsset Protection for NY ResidentsWyoming Asset Protection TrustsEstate & Gift Tax PlanningDomestic Self-Settled TrustsCook Islands TrustsTrusts & Estates PlanningClosely-Held BusinessPre-Immigration Tax PlanningForeign Investments in U.S.International Tax Planning
HNW Cybercrime ArbitrationDomain Hijacking, IP Theft & Likeness MisappropriationRansomware Response & Cyber Insurance CoverageBusiness Email Compromise & Wire FraudCrypto Exchange Arbitration (Coinbase, Gemini, Kraken)SIM-Swap & Account Takeover Recovery

The fraud usually plays out the same way

An attacker compromises a legitimate business email account — through phishing, credential theft, malware, or a SIM-swap that defeats text-message two-factor authentication. The attacker then spends days or weeks inside the account, studying communication patterns, vendor relationships, payment cycles, and the writing styles of executives and counterparties.

When a legitimate wire transfer is imminent — a real estate closing, a vendor payment, an escrow release, a payroll run — the attacker intervenes, forging an instruction from an executive, a vendor, a title company, or a lawyer.

The wire is diverted to a criminal-controlled account, and within hours the funds are gone.

Experience What is left is a legal question: which institution in the chain failed, and what claims will recover the loss? That is the work we do.

The fraud usually plays out the same way

The anatomy of the loss

An attacker compromises a legitimate business email account — through phishing, credential theft, malware, or a SIM-swap that defeats text-message two-factor authentication.

The attacker then spends days or weeks inside the account, studying communication patterns, vendor relationships, payment cycles, and the writing styles of executives and counterparties.

When a legitimate wire transfer is imminent — a real estate closing, a vendor payment, an escrow release, a payroll run — the attacker intervenes, forging an instruction from an executive, a vendor, a title company, or a lawyer. The wire is diverted to a criminal-controlled account, and within hours the funds are gone.

What is left is a legal question: which institution in the chain failed, and what claims will recover the loss? That is the work we do.

Five ways the wire gets diverted

Common attack patterns

The fraudulent instructions look authentic because they come from — or appear to come from — a real business email account, often using a near-identical lookalike domain.

  • Executive impersonation A forged email from the CEO, CFO, or controller instructs finance staff to wire funds to a new account — citing urgency and confidentiality.
  • Vendor impersonation A forged email from an existing vendor provides “updated” wire instructions for an upcoming invoice payment.
  • Real estate closing fraud A forged email from the title company, escrow agent, or attorney redirects a buyer’s closing funds.
  • Law firm impersonation A forged email from outside counsel instructs the transfer of trust account or settlement funds.
  • Payroll diversion A fraudulent change of direct deposit instructions reroutes an executive’s or employee’s pay.

Most cases fit one of these patterns — but not all. Tell us what happened and we’ll assess the recovery path.

The criminal is overseas. The institutions are not.

The person who initiated the transfer is usually unreachable. But the U.S. banks, processors, and providers in the chain are — and their failures are typically what made the loss possible. Each is a potential defendant.

The Receiving-Bank Problem

Once a fraudulent wire arrives at the destination bank, funds are typically transferred out, withdrawn, or converted to cryptocurrency within hours.

Recovery from the receiving bank often depends on whether that bank applied Bank Secrecy Act and anti-money-laundering procedures to flag the suspicious incoming transfer—particularly when a small or newly opened account receives a large incoming wire that is immediately drained.

We pursue claims against receiving banks that ignored obvious red flags: shell account names not matching the wire reference, rapid pass-through of large incoming wires, multiple fraud-related incoming wires to the same account, and failures to comply with FinCEN Suspicious Activity Reporting (SAR) obligations.

The Sending-Bank Problem

Sending banks can also bear liability under UCC Article 4A where they failed to implement or follow commercially reasonable security procedures.

Common issues include:

  • Failure to require callback verification for wire instruction changes
  • Failure to flag unusual transactions inconsistent with the customer’s historical patterns
  • Override of fraud-detection alerts without independent verification
  • Inadequate authentication of the wire request itself

UCC Article 4A allocates loss between the customer and the bank based on the parties’ adherence to a “commercially reasonable” security procedure—and many banks fall short.

Email and IT Provider Liability

Where the underlying email account compromise resulted from a security failure by the email or IT service provider—inadequate authentication controls, failure to detect ongoing intrusion, failure to alert the customer to anomalous access—the provider may also bear liability.

This is particularly relevant for managed service providers (MSPs) and IT vendors who contracted to provide specific security services and failed to deliver them.

The 72-Hour Window

Recovery of fraudulent wire transfers depends almost entirely on speed.

Within the first 24-72 hours, victims should:

  • Notify the sending bank in writing and demand a SWIFT recall
  • File a complaint at IC3.gov and request Financial Fraud Kill Chain assistance
  • Notify the FBI field office in the sending bank’s jurisdiction
  • File a Suspicious Activity Report through the bank
  • Preserve all email evidence, server logs, and authentication records before they are purged
  • Engage counsel to coordinate recovery efforts and preserve civil claims

Why These Cases Differ from Ordinary Fraud

  • Wire transfers are not generally reversible—recovery requires bank cooperation, court orders, or freezing assets in the receiving account before they disappear
  • Multiple parties typically bear responsibility (sending bank, receiving bank, email provider, IT vendor), and identifying every viable defendant is critical
  • Most BEC losses are not covered by standard commercial crime insurance policies without specific “social engineering fraud” endorsements—coverage disputes are common
  • The criminal actors are typically overseas and difficult to reach, making civil claims against the institutions the only viable recovery path

Contact Us

If your business, family office, escrow account, or personal account has been hit by a fraudulent wire transfer, BEC attack, vendor impersonation, or spear-phishing scheme, contact us at info@dilendorf.com or 212.457.9797 for a confidential consultation.

The first 24-72 hours determine whether recovery is possible.

Government Resources

Our website uses cookies. By continuing to use our site, you agree to our use of cookies in accordance with our Privacy Policy.