Tech Insights

Why Pearland Manufacturers Are Getting Hit by Business Email Compromise — and What Stops It

Digital wire transfer arrow intercepted by red question mark over Pearland warehouse silhouettes at dusk — Aspendora

Pearland‘s growing manufacturing and warehousing base — auto parts, building products, food processing, light industrial — shares a vulnerability that attackers have learned to exploit at scale: routine, recurring wire transfers to vendors and suppliers.

The attack is called Business Email Compromise (BEC). The FBI says it costs U.S. businesses billions every year. And the small manufacturers we see in the South Belt and Pearland industrial corridors are squarely in the target zone.

Anatomy of a BEC attack

Most BEC attacks unfold in three stages.

Stage 1: reconnaissance. The attacker identifies your company, your vendors, and your key people. LinkedIn tells them who your controller is. Public filings tell them your bank. Your website often tells them which industrial suppliers you work with. They sit and watch your domain and your vendors’ domains for invoice patterns.

Stage 2: compromise or impersonation. Either the attacker phishes one of your vendor’s email accounts (and quietly reads the email thread), or they register a look-alike domain that swaps one character (e.g., vendor-co.com becomes vendor−co.com with a different dash character). Most accounts payable staff won’t notice the difference under deadline pressure.

Stage 3: the ask. An email arrives that looks legitimate, says the banking details have changed, please update for the next invoice. The next real invoice comes in. Your team pays. The money goes to the attacker. By the time the real vendor calls about a missing payment two weeks later, the funds are gone.

Three Pearland-area patterns we’ve seen

Pattern 1: the supplier banking swap. A small Pearland fabricator pays one of its raw-material suppliers $80K/month. Attackers compromised the supplier’s email, watched a billing thread, then sent a banking update from the real supplier address. The next month’s payment went to the attacker. Recovery: zero.

Pattern 2: the CEO impersonation. A look-alike domain spoofs the owner’s address (one character off). An email goes to the controller late on a Friday: "Need you to wire $45K to this new account for a closing deal — will explain Monday." The controller, eager to be responsive, wires it. Monday morning the owner is confused.

Pattern 3: the payroll redirect. An employee’s email gets phished. The attacker sends HR a request from that employee’s real email: "Please update my direct deposit to this new account." HR updates it. The next paycheck goes to the attacker. Multiply if multiple employees are compromised at once.

The four controls that block 95% of BEC

  1. MFA on every email account, with no exceptions. Most successful BEC starts with a phished mailbox. MFA stops most of that cold.
  2. Vendor-payment verification process. Any change to banking details, no matter how urgent the request seems, requires a phone call to a previously-known number for that vendor. Not a reply-to-email. Not a number in the email.
  3. Email authentication: SPF, DKIM, DMARC. Properly configured, these reduce the success of domain spoofing significantly. Most Pearland small businesses have these incompletely configured.
  4. Employee training on look-alike domains and urgency cues. "Wire this today, before the deal closes" is an attacker’s favorite phrase. Train your team to slow down on those.

What to do if you got hit yesterday

If you discover a fraudulent wire:

  1. Call your bank immediately. Some banks can claw back funds if reported within 24-48 hours. After that, it gets much harder.
  2. File an IC3 report with the FBI. ic3.gov. The FBI’s Recovery Asset Team can sometimes recover funds, especially for transfers under 72 hours old.
  3. Notify your cyber insurance carrier. Many policies cover BEC losses, but timing of notification matters.
  4. Audit how it happened. Was an account compromised? Was a domain spoofed? Don’t pay the next invoice until you’ve found the entry point.

What to do this week

If you run a Pearland-area business that wires money to suppliers monthly, three quick wins:

  • Verify MFA is enforced on every email account today — including owner accounts.
  • Write a one-paragraph vendor-payment verification policy. Email it to everyone in accounts payable. Have them acknowledge.
  • Check your DMARC record. Most companies are at "p=none" (monitor only). Move to at least "p=quarantine." Our DMARC implementation guide walks through the steps.

If you’d rather have someone run this audit for you, book a free discovery call.

Aspendora Technologies provides managed IT services and cybersecurity to Pearland and Houston-area small businesses since 2010.

Need IT Help?

Talk to a real Houston-based IT pro. 15 minutes, no pressure.

Schedule a Free Consultation