Why social engineering is one of today’s greatest fraud risks.
Technology has transformed how businesses move money. ACH, wires, near real-time payments and digital platforms have made transactions faster and more efficient than ever.
They’ve also created new opportunities for criminals.
Most fraud today doesn’t begin with a system breach — it begins with a person. Social engineering attacks exploit trust, urgency and routine. They rely less on technical skill and more on psychological manipulation. For businesses, that human factor is often the most vulnerable link in an otherwise strong environment.
What is social engineering?
Social engineering is a tactic criminals use to manipulate individuals into taking actions that benefit the attacker. Instead of breaking through firewalls, they persuade someone inside your organization to open the door. Common examples include the following:
- Business email compromise (BEC). A fraudster impersonates an executive or vendor and requests an urgent wire or ACH payment change.
- Vendor impersonation. A supplier’s email is spoofed with updated payment instructions.
- Payroll diversion. An employee receives a request to “update” direct deposit information.
- Phishing and smishing. Emails or text messages prompt users to click malicious links or provide login credentials.
- Voice cloning and AI-enhanced scams. Attackers use artificial intelligence to mimic familiar voices or writing styles.
Why payments are a prime target.
ACH and wire transfers are essential tools for commercial clients. They support payroll, vendor payments, capital expenditures and time-sensitive transactions. Their speed is an advantage in daily operations. In the wrong hands, that same quality increases risk. Wire transfers, in particular, are designed for almost immediate settlement. Once approved and released, recovery options are limited. That’s why social engineering schemes frequently center on things out of the normal routine:
- Last-minute changes to payment instructions
- Requests that bypass typical approval processes
- Urgent transfers tied to confidential or executive matters
The common thread is pressure. Fraudsters try to create a sense of urgency that overrides regular verification.
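As an added illustration (not Commerce Bank's own tooling), the following pre-release check turns the three warning signs above into a hold rule evaluated against a verified vendor master; the vendor record, the dual-approval threshold and the request fields are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed vendor master: beneficiary details that were confirmed out of band
# (for example, by calling the vendor at a phone number already on file).
VENDOR_MASTER: Dict[str, Dict[str, str]] = {
    "Acme Supply": {"routing": "111000025", "account": "5550001"},
}

# Constructed policy: an assumed amount above which two approvers are required.
POLICY = {"dual_approval_threshold": 10_000.00}


@dataclass
class PaymentRequest:
    vendor: str
    routing: str
    account: str
    amount: float
    approvers: int                      # distinct people who approved the release
    change_verified_out_of_band: bool   # instruction change confirmed via a known contact
    urgent_or_confidential: bool        # "must go out today", "keep this between us"


def review_payment(req: PaymentRequest) -> Tuple[str, List[str]]:
    """Return ("RELEASE", []) or ("HOLD", reasons) for a wire/ACH request."""
    reasons: List[str] = []
    master = VENDOR_MASTER.get(req.vendor)

    # Sign 1: last-minute changes to payment instructions.
    if master is None:
        reasons.append("no verified master record for this vendor")
    elif (req.routing, req.account) != (master["routing"], master["account"]):
        reasons.append("beneficiary details differ from verified vendor master")
        if not req.change_verified_out_of_band:
            reasons.append("instruction change not confirmed with a known contact")

    # Sign 2: requests that bypass the normal approval process.
    if req.amount >= POLICY["dual_approval_threshold"] and req.approvers < 2:
        reasons.append("amount requires dual approval; fewer than two approvers")

    # Sign 3: urgency or confidentiality used to discourage verification.
    if req.urgent_or_confidential:
        reasons.append("urgent/confidential framing: pause and verify by phone")

    return ("HOLD" if reasons else "RELEASE", reasons)
```

A request that matches the vendor master, carries the required approvals and arrives without pressure releases cleanly; any deviation is held with the specific reasons a reviewer can act on.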
The broader commercial bank impact.
While payments fraud receives the most attention, social engineering extends beyond wires and ACH and into other areas. Here are just a few:
- Treasury management platforms and online banking credentials
- Commercial card programs
- Remote deposit capture
- Loan disbursements
- Internal accounting systems
Any process involving access to, approval of or movement of funds is a potential entry point. The financial loss is only one dimension. Organizations may also face operational disruption, reputational harm and increased insurance or compliance scrutiny.
The psychology behind the attack.
Social engineering works because it taps into human behavior.
- Authority: “The CEO needs this handled immediately.”
- Familiarity: “We’ve worked together for years.”
- Urgency: “Payment must go out today or we lose the deal.”
- Fear: “Your account will be suspended unless you act now.”
- Helpfulness: “Can you do me a quick favor?”
In fast-moving environments, responding quickly is often rewarded. Fraudsters count on that instinct.
The role of your bank.
Fraud mitigation is strongest when it’s collaborative. At Commerce Bank, we work with clients to evaluate payments workflows, implement layered controls, and share emerging fraud trends. That includes reviewing internal processes and helping you think through scenario-based risks. No single control can eliminate fraud risk entirely; however, a layered approach, supported by consistent processes and strong communication, can significantly reduce exposure.
A shift in mindset.
Social engineering reminds us that cybersecurity is not only a technology issue — it’s an organizational issue. Strong fraud mitigation starts with awareness, requiring leadership support, cross-functional coordination, and a willingness to pause and verify, even when time feels limited.
We encourage you to evaluate your payments processes and other banking activities through the lens of human risk. Ask where trust is assumed, where urgency overrides processes, and where additional safeguards may be warranted. By strengthening both your controls and your culture, you can continue to operate with confidence in an increasingly complex threat environment.
