Business email compromise on a client payment
An attacker compromises or spoofs a partner's inbox and sends fraudulent wire instructions to a client or the bank, diverting settlement or closing funds that are very hard to recover.
Enforced MFA, email authentication (SPF/DKIM/DMARC), out-of-band verification of payment changes, and monitoring for malicious inbox rules.