Cyber Intrusions and ACH Fraud: The Hidden Threat in Your Inbox

Cybercriminals are evolving their tactics, and one of the most damaging threats facing businesses today is ACH fraud via email compromise. This type of fraud occurs when hackers gain access to an employee’s email account and use it to manipulate financial transactions—often by redirecting ACH payments to fraudulent accounts. The consequences can be severe, leading to significant financial losses and operational disruptions.

How Does ACH Redirect Fraud Happen?

The attack typically follows a three-step process:

1. Email Account Compromise

  • Cybercriminals gain access to a business email account through phishing, weak passwords, or other cyber intrusions.

  • Once inside, they monitor financial communications to understand how invoices and payments are processed.

2. Fake ACH Payment Instructions

  • Posing as a legitimate employee or vendor, the hacker sends an email requesting a change to ACH payment details.

  • Because the email actually comes from the employee's real email account, clients or vendors may unknowingly update the payment instructions.

3. Funds Transferred to a Fraudulent Account

  • Payments are sent to the attacker’s bank account instead of the intended recipient.

  • By the time the fraud is detected, recovering funds can be extremely difficult.

Real-World Example: How This Happens to Businesses

Consider this scenario: A company’s accounts payable manager receives an email appearing to be from a longtime vendor. The message states:

“Due to a recent banking transition, we are updating our ACH payment details. Please send all future payments to the new account listed below.”

The email is well-written, contains no obvious red flags, and even includes the vendor’s real email signature—because the hacker has been monitoring previous communications. Believing it to be legitimate, the company updates the banking details and unknowingly sends tens or even hundreds of thousands of dollars directly to a fraudster.

By the time the real vendor calls about the missing payment, the attacker has already withdrawn the funds and disappeared.

Warning Signs: How to Spot ACH Fraud Attempts

Employees must remain vigilant and look for these red flags:

  • Unsolicited payment change requests – Always confirm with a known contact at the vendor before updating ACH details.

  • Urgent or rushed requests – Hackers often create a sense of urgency to bypass standard verification processes.

  • Slight email variations – Watch for misspellings or subtle changes in domain names (e.g., '@vendor-company.com' vs. '@vendorcompany.co').

  • Unusual sender behavior – If a request comes from a familiar contact but feels 'off' in tone or timing, investigate further.
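
The "slight email variations" sign can be checked automatically before a payment change request reaches accounts payable. The following is an added example, not part of the original article: the vendor list, function names, and sample addresses are constructed, and the distance threshold of 2 is an assumption to tune.

```python
# Added example: flag sender domains that closely resemble, but do not match,
# a domain on the vendor master list. All names and sample data are constructed.

KNOWN_VENDOR_DOMAINS = {"vendor-company.com"}  # assumed vendor master list


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance computed with a single rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def squash(domain: str) -> str:
    """Drop hyphens so 'vendor-company' and 'vendorcompany' compare as equal."""
    return domain.replace("-", "")


def sender_domain(address: str) -> str:
    """Return the lowercased domain part of an email address."""
    return address.rsplit("@", 1)[-1].strip().lower().rstrip(".")


def classify_sender(address: str, known=KNOWN_VENDOR_DOMAINS, max_distance=2) -> str:
    """Return 'known', 'lookalike', or 'unknown' for the sender's domain."""
    domain = sender_domain(address)
    if domain in known:
        # An exact match is not proof: the real mailbox may be compromised,
        # so a call-back to a verified number is still required.
        return "known"
    for good in known:
        if edit_distance(squash(domain), squash(good)) <= max_distance:
            return "lookalike"
    return "unknown"


if __name__ == "__main__":
    for addr in ("ap@vendor-company.com", "ap@vendorcompany.co",
                 "billing@vendor-cornpany.com", "someone@example.org"):
        print(f"{addr:32} {classify_sender(addr)}")
```

A "lookalike" result should block the change outright; a "known" result only means the domain matches and does not replace the phone verification described in this article.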

How to Protect Your Business

  1. Implement Multi-Factor Authentication (MFA) – Require employees to use MFA for email accounts to prevent unauthorized access.

  2. Verify Payment Requests – Always call a known contact at the vendor using a verified phone number before making changes.

  3. Train Your Team – Regular cybersecurity awareness training helps employees recognize phishing and fraud attempts.

  4. Create an ACH Policy – Require a formal process for verifying and approving ACH payment changes.

  5. Monitor for Unusual Activity – Review email forwarding rules and login history for unauthorized access.

The Bottom Line

Cybercriminals are actively exploiting email weaknesses to commit ACH fraud. By implementing strong security measures and remaining vigilant, businesses can prevent devastating financial losses. Larson Gross is here to help you strengthen your cybersecurity posture—contact us to discuss best practices for securing your financial transactions.