Business Email Compromise (BEC) scams pose a major financial and operational threat to manufacturing supply chains worldwide. In fact, manufacturing is now the most targeted industry for advanced email attacks, including BEC, with 92% of organizations reporting they’ve been targeted—and 73% suffering at least one successful attack in the past year. Fraudsters sneak into email communications, impersonate vendors or executives, and manipulate payment instructions, leading to millions in fraudulent wire transfers.
With complex global supply chains, frequent high-value transactions, and multiple third-party vendors, manufacturers are especially vulnerable to these attacks. A single compromised email can result in huge financial losses, production delays, and reputational damage.
Let’s examine six real-world BEC scams that hit manufacturing companies around the world. Let these cases serve as a warning: Without robust cybersecurity and strict verification protocols, no business is safe.
Chemical manufacturing company Orion has reported a $60 million loss due to a BEC scam, according to a filing with the U.S. Securities and Exchange Commission (SEC). A non-executive employee was tricked into making multiple fraudulent wire transfers to accounts controlled by cybercriminals.
Orion is working with law enforcement to recover the stolen funds and explore insurance coverage. The company confirmed no unauthorized access to its systems or additional fraudulent activity.
BEC scams remain one of the most costly cyber threats. These attacks are increasingly enhanced by AI and deepfake technology, making impersonation more convincing. However, law enforcement has had some success recovering stolen funds, as seen in a recent case where Singaporean authorities retrieved $42.3 million from scammers.
Austrian aeronautics company Fischer Advanced Composite Components AG (FACC) lost a record €42 million ($47 million) in a BEC scam. The fraudsters impersonated then-CEO Walter Stephan via a spear-phishing email, tricking a finance employee into wiring €50 million for a fake acquisition project. While FACC managed to recover €10.9 million, the rest was lost in Slovakia and Asia.
FACC’s case is a classic ‘CEO Fraud’ attack, where scammers pose as top executives to pressure finance staff into making fraudulent transfers. Similar BEC scams have hit The Scoular Company ($17.2M), Pomeroy Investment Corporation ($495K), and NBA’s Milwaukee Bucks, which suffered a leak of employee W-2 records.
Toyota Boshoku Corporation, a major Toyota auto parts supplier, lost ¥4 billion ($37 million) in a BEC scam. On August 14, fraudsters convinced a financial employee to change account details on an electronic funds transfer. The company is working with law enforcement, but it’s unclear if the funds can be recovered.
In high-value attacks to target massive corporations like Toyota Boshoku Corporation, attackers resort to sophisticated tactics. They often impersonate executives or finance staff via spear-phishing or malware to gather intelligence before striking, and may monitor emails for months to time their fraud with large transactions.
Leoni AG, a German supplier of wiring systems, lost €40 million in a BEC scam after a Romanian factory CFO was tricked into transferring funds via a fraudulent email impersonating company headquarters. The scam, involving falsified documents and electronic communication, didn’t compromise Leoni’s IT systems or data security.
Following the announcement, Leoni’s stock fell over 5%, reaching a low of €32.8 on August 29. While the company assesses insurance claims and legal action, it stated that the loss hasn’t materially impacted liquidity or operations
A high-tech toy company, Flycatcher, fell victim to a sophisticated cargo theft scam, losing $1 million worth of toys across three truckloads in October. The scam involved identity theft, with criminals impersonating legitimate trucking companies to divert the shipments from a Las Vegas warehouse. Two truckloads ended up in Los Angeles, while the third remains missing, possibly in New York City.
The scam was executed through “strategic theft” and “double-brokering”, where criminals posed as legitimate trucking firms to accept shipments. Two real trucking companies, Orest Express (Chicago) and Basse Truck Line (San Antonio), had their identities stolen in the process. A third driver, Omar Siguenza, unknowingly delivered a stolen shipment to Los Angeles and was never paid.
These six cases highlight the growing threat of BEC scams and cybercrime in global manufacturing supply chains. From fraudulent wire transfers and CEO impersonation to ransomware attacks and cargo theft, these expose the vulnerabilities of businesses operating in a complex, digital-first world.
No company—regardless of size or industry—is immune. As cybercriminals become more sophisticated, businesses must stay vigilant, focus on cybersecurity, implement multi-layered verification processes and train their employees to safeguard their financial stability, operations, and reputation.
Nonprofits are prime BEC targets—see real attacks and what finance leaders must do to protect funds, data, and mission-critical operations.
See how 5 real BEC scams stole millions from healthcare orgs—what finance leaders must know to stop attacks that target payments, data, and operations.
Construction BEC scams are surging—see 6 real cases exposing how attackers target payments and what CFOs, finance teams must do to stop million-dollar losses.
Eftsure provides continuous control monitoring to protect your eft payments. Our multi-factor verification approach protects your organisation from financial loss due to cybercrime, fraud and error.
