Chisom Okonkwo, a 29-year-old resident of Lawrenceville, Georgia, was sentenced in federal court in Clarksburg, West Virginia, to seven months in prison for a wire fraud scheme that involved more than $1 million stolen from a West Virginia business.
In addition to the prison term, she was ordered to pay more than $610,000 in restitution to address the losses that remained after part of the money was recovered.
According to the enforcement summary, Okonkwo and another defendant set up an email account designed to closely imitate the address of an employee of a business located in Gilmer County, West Virginia.
Using this spoofed address, they sent fraudulent payment instructions to a vendor that normally did business with the West Virginia company, directing the vendor to send funds to a bank account under the defendants' control rather than to the legitimate business.
The vendor followed those instructions and wired more than $1 million to the account associated with the scheme, believing the directions came from a genuine company representative.
Before the fraud was detected and stopped, Okonkwo and her co-defendant had already spent more than $600,000 of the diverted money, leaving significant losses for the victim business and its trading partner.
The case was brought by the U.S. Attorney's Office for the Northern District of West Virginia.
Source: https://www.justice.gov/usao-ndwv/pr/georgia-woman-sentenced-1-million-wire-fraud
Commentary
Spoofing is a technique in which an attacker deliberately falsifies digital identity information so that a message, website, phone call, or other communication appears to come from a trusted source when it does not.
In the workplace, the most common form is email spoofing. A cybercriminal manipulates the sender's name, address, or domain to mimic an executive, vendor, or internal department and to induce staff to send money, disclose data, or open malicious links and attachments.
Spoofing attacks often sit at the heart of business email compromise schemes, invoice fraud, payroll diversion, and credential-harvesting phishing campaigns. Losses in these cases can quickly reach six or seven figures for a single successful incident.
Because spoofed messages often look routine and rely on social engineering rather than on technical exploits, even careful employees can be deceived if the organization has not provided effective training around identity verification and payments.
Spoofing relies heavily on social engineering and pressure tactics. Employers should train staff, especially in finance, HR, procurement, and executive support roles, to look beyond the display name in an email, carefully inspect the actual sender address and domain, and hover over links to confirm where they lead before clicking. Treat any unexpected urgency around payments, gift cards, banking changes, or confidential data as a red flag.
Training should emphasize that instructions involving money movement, payroll changes, W-2 data, benefits data, or access credentials are never to be completed solely on the basis of an email or text message, even when the sender appears to be an executive, law firm, regulator, or long-time vendor contact.
Scenario-based exercises, including simulations of CEO fraud and vendor-invoice spoofing, help staff learn to pause before acting rather than give in to the perceived pressure.
Employers should require verification for all new or changed payment instructions, such as independently calling the vendor or executive using a known, pre-verified phone number rather than using any contact information in the email.
Dual-control or multi-person approval for wire transfers, ACH changes, large refunds, and vendor banking updates reduces the risk of a single employee being tricked into authorizing a high-value transaction.
Standardized processes for contracting with vendors, modifying master data, and making exceptions should be written down, audited, and consistently enforced. This can help make social-engineering ploys framed as urgent exceptions easier to recognize and deny.
Finally, employers should have an incident response plan that tells staff exactly how to report a suspected spoofed message, how IT will isolate affected accounts or devices, and how finance will contact banks immediately to attempt recalls or holds on fraudulent wires or ACH transfers.
