A BEC scam isn’t a hack. It’s a failure to verify.
Several years ago, Risk Control Strategies worked its first Business Email Compromise (BEC) case.
More than $600,000 had been redirected to fraudsters in China. Our review of the evidence established a simple but damaging truth: two court-ordered judgment payments were sent to FOUR foreign bank accounts after a change in wire instructions was accepted without verification.
• A major manufacturer.
• A large law firm.
• No confirmation.
• No secondary validation.
The funds never went to the attorney trust account at a Southern California bank where they belonged. At the time, we were stunned. Today, we are not.
Since then, we have been routinely called in by attorneys, private clients, and corporations facing BEC scams, suspected network intrusions, or systems that were allegedly “secure” according to IT support.
In every matter, we find the same issues:
• Security gaps
• Misconfigured controls
• Untrained staff
• Overreliance on assurances instead of verification
Our most recent case went to trial. The judge ruled in our client’s favor and cited the testimony of RCS’ expert directly in the decision.
“Don’t trust without verifying” should be the rallying cry in an era of fraud, misinformation, and increasingly sophisticated deception.
As physical and cyber security experts, RCS provides clients with assessments to help them mitigate security gaps before an event becomes a loss, a lawsuit, or a headline.