At its most simple, business compromise fraud involves a fraudster compromising a business’s IT systems and tricking that business or another business into willingly making bank transfers to the fraudster. The crucial point is that these frauds – also known as authorised push payment (APP) frauds – involve a payment being made by a person in control of the account who is labouring under a false assumption that the payment details they are using are legitimate, whereas in fact the payee account is controlled by fraudsters. Scams can take on many shapes and forms, including: (i) the fraudster assuming the identity of senior management and asking someone within the financial department to make a transfer; (ii) hacking an employee’s email account in order to request payments be made to vendors; and (iii) hacking a vendor’s account in order to request payments. When the fraud succeeds, the fraud will result in a company’s bank transferring funds to a fraudster’s bank account at its bank.

https://www.financierworldwide.com/the-rise-and-rise-of-business-compromise-fraud-a-victims-toolkit#.Y6Ayi3bP2Ul