Practice the response when a wire request is fraudulent

Rehearse out-of-band payment verification, wire-recall coordination, mailbox compromise containment, and vendor communications under deadline pressure.

Common gaps in business email compromise exercises

Verification gets skipped under deadline pressure

BEC attacks manufacture urgency. Teams that have never rehearsed the out-of-band callback default to releasing the payment.

Wire recall starts too late

Funds-recovery windows are measured in hours. Teams rarely know who calls the bank fraud desk or how a SWIFT recall is initiated until it is already overdue.

Mailbox compromise goes unscoped

A spoofed sender and a compromised mailbox look alike at first. Without rehearsal, teams miss forwarding rules and prior fraudulent payments.

What this exercise helps your team practice

Scenarios start from a credible payment-fraud trigger — a spoofed executive email, a vendor bank-detail change, or a look-alike reply-to domain — and push the team through verification, containment, and funds recovery.

Default roles

Default roles include a finance decision lead, security lead, legal, communications, and an executive sponsor.

What gets tested

Measure fraudulent-payment detection, out-of-band verification, wire recall and bank coordination, and dual-authorization and email authentication controls.

Example inject

Accounts payable receives an urgent email appearing to come from the CFO authorizing a same-day wire to a vendor's updated bank account. The team must verify out-of-band, hold the payment, and coordinate recall if funds already moved.

Preview the report before you run

Every run produces a scored report mapped to recognized frameworks. Open the sample report to see the format teams receive after a live Business Email Compromise exercise.
