In July 2025, a Canadian law firm narrowly avoided a multimillion-dollar business email compromise (BEC) loss thanks to fast action by a Hong Kong bank and a coordinated international response. The firm had been tricked into transferring CAD $2.3 million to a fraudulent overseas account, but one anomaly triggered an alert that saved the funds.
According to the Canadian Anti-Fraud Centre, the fraudsters used spear phishing tactics to impersonate trusted parties. They convinced someone at the law firm to initiate a high-value cross-border payment to a Hong Kong account. That’s where it could have ended — but a red flag was raised when the receiving bank spotted irregularities.
The Hong Kong Police’s Anti-Deception Coordination Centre (ADCC) and the Canadian Anti-Fraud Centre’s Recovery Initiative collaborated to intercept the transfer. Their efforts led to the full recovery of the funds — a rare outcome in BEC cases, where delays usually mean irreversible loss.
How the fraud worked, and what stopped it
The attackers didn’t breach systems or use malware. Instead, they relied on persuasive, personalized emails that mimicked legitimate business instructions — a classic BEC technique. Because the request appeared to come from a known contact, it likely bypassed traditional fraud checks focused on vendor setup or invoice validation.
But a key control broke the chain: anomaly detection at the bank level. Something about the account or transaction behavior flagged the payment as suspicious. That gave authorities time to respond.
Implications for finance teams
This case shows how:
- controls need to extend beyond vendor onboarding to payment execution
- internal processes must include out-of-band verification for high-risk transfers
- delay in detection can mean permanent loss — time is the enemy
- cross-border payments require extra scrutiny and layered defenses
How Eftsure helps prevent similar incidents
Eftsure strengthens payment security with real-time controls across the transaction lifecycle:
- payment verification validates bank account details before funds are released
- transaction monitoring flags unusual patterns, such as large transfers to new accounts
- vendor validation ensures counterparties are legitimate before payment instructions are ever received
These controls work alongside bank-level protections to give finance teams upstream visibility — reducing their reliance on post-incident recovery.
Looking forward
The CAD $2.3 million recovery is a rare success story. In most BEC attacks, the money is gone in minutes. This incident is a reminder that fast detection and coordinated response matter — but prevention matters more.
Eftsure helps make prevention possible. By validating vendors, verifying payments, and monitoring transactions in real time, finance teams can catch social engineering attempts before they become losses.