Email Fraud & Payment Diversion: The Scam Hitting Malaysian Forwarders

In 2025, business email compromise accounted for around $3 billion in reported losses across nearly 25,000 cases logged by the FBI's Internet Crime Complaint Center, an average of roughly $123,000 a case. Freight forwarders sit squarely in the firing line, because the whole job involves moving other people's money and goods on instructions that arrive by email.

What makes the scam dangerous is how quiet it is. There is no fire, no sinking, and no damaged cargo, just an email that looks exactly like one from your client, your overseas agent, or your shipping line, asking you to update a bank account for a payment or to release cargo to a new party. You act on it because everything looks normal, and by the time anyone notices, the money or the cargo is already gone.

This guide is for Malaysian forwarders who pay and get paid by email. It sets out how payment diversion and fraudulent release scams actually work, why your standard freight forwarder's liability policy probably will not respond, and the cyber endorsement that closes the gap.

Key Facts: Forwarder Payment Fraud and Cyber Cover

What is business email compromise? It is a fraud in which a criminal impersonates a trusted party by email, often after compromising or spoofing a real account, to trick the victim into diverting a payment or releasing goods. It also goes by the names payment diversion fraud and CEO fraud.

How big is the exposure? The FBI Internet Crime Complaint Center recorded around $3 billion in business email compromise losses in 2025 across about 25,000 complaints, with total reported cybercrime losses near $21 billion, and flagged AI voice and email cloning as a growing enabler.

How does it hit a forwarder specifically? In two ways: a diverted payment, where you pay a real invoice into a criminal's account, and a fraudulent release, where you hand over cargo against forged or socially engineered instructions to the wrong party.

Does standard freight forwarder's liability insurance cover it? Often not, because traditional FFL covers physical loss and legal liability for cargo, and many wordings exclude financial loss from fraud, cyber events, or social engineering unless a specific endorsement is added.

What closes the gap? A cyber or crime endorsement on the freight forwarder's liability programme, or a standalone cyber policy, covering social engineering and funds-transfer fraud, subject to policy terms and conditions.

For the base cover, see freight forwarder's liability insurance, and for the fraudulent-release angle on cargo, see bill of lading surrender versus telex release.

The Two Scams That Target Forwarders

Payment fraud against forwarders almost always takes one of two shapes, and both rely on the same thing: that you will act on email instructions which look genuine.

The diverted payment

You owe money to an overseas agent, a shipping line, or a haulier, and an email arrives, apparently from them, saying their bank details have changed and asking you to pay the new account. Because the email is either sent from a look-alike domain or from the real account after it was hacked, it passes the eye test, so you pay, and the funds land in a mule account and are moved out within hours.

The reverse happens just as often. A criminal impersonates you to your client, tells them your bank details have changed, and your client pays the fraudster instead of you, after which you are still owed the money, the client insists they already paid, and the dispute lands squarely between you.

The fraudulent release

Here the target is the cargo rather than the cash. A criminal impersonates the consignee or the shipper and sends release instructions, a forged delivery order, or a socially engineered telex release request, you release the goods to the wrong party, and the real cargo owner holds you liable for the full value. This overlaps with misdelivery, covered in bill of lading surrender versus telex release, and with the chain exposure in the house bill and subcontractor chain.

Why Your Existing FFL Probably Will Not Pay

This is the part that catches forwarders out after the loss. Freight forwarder's liability insurance was built around physical risk, meaning cargo damaged, lost, delayed, or misdelivered and the forwarder's legal liability for it, whereas business email compromise produces a pure financial loss with no physical damage to cargo, which sits outside what most FFL wordings were ever designed to cover.

It gets worse, because many policies carry an explicit exclusion for loss arising from fraud, dishonesty, cyber events, or the voluntary parting with funds or goods induced by deception. A diverted payment is precisely a voluntary parting with funds induced by deception, so the exclusion bites at exactly the point where the loss happens.

The fraudulent-release case is more arguable, since it can look like a misdelivery, but insurers increasingly treat socially engineered release as a cyber and crime exposure rather than an operational one, so relying on the misdelivery cover to answer a sophisticated impersonation is a gamble you only resolve when you claim.

Do you know whether your FFL excludes payment fraud?

Voyage places cover for Malaysian forwarders directly with the underwriters who write these risks, and can read your current wording to show whether a diverted-payment or fraudulent-release loss would be paid or excluded. Send the policy through the quote form for a 48-hour review, or WhatsApp +60 19 990 2450.

What the Cyber Endorsement Actually Adds

The fix is not to replace the FFL but to extend it. A cyber or crime endorsement, or a standalone cyber policy sitting alongside the FFL, adds the cover that the liability policy was never built to provide, and the table below shows the gap and what fills it.

The detail that matters is whether the wording names social engineering and authorised-push-payment fraud, because some cyber policies cover the hack but not the voluntary transfer the hack leads to, and the right endorsement covers the loss whether the criminal broke in or merely tricked your staff. For the product family, see marine liability insurance and the sector view on freight forwarders and logistics.

The Controls That Stop Most of It

Insurers increasingly expect basic controls before they offer the cover, and the same controls are what actually prevent the loss, with four habits stopping the large majority of these frauds. The first, and the single most effective, is to verify every change of bank details by a second channel, meaning a phone call to a known number rather than the one in the email, confirming any new account before a payment goes out.

The second is to apply a callback rule to release instructions, so that any change to a consignee, delivery party, or telex release is confirmed by an independent contact before cargo moves, which is where the release fraud dies. The third is to harden email itself, with multi-factor authentication on all accounts, domain protection against spoofing, and staff trained to spot look-alike domains, because AI-generated impersonations are getting good enough that the human eye test no longer holds up on its own.

The fourth is to match the cover to the exposure by deciding the largest payment you might make on a single instruction and making sure the cyber or crime limit meets it, since a forwarder who routinely pays large overseas invoices needs a limit sized to one of those payments going wrong.

If It Has Already Happened

In payment fraud, speed decides recovery, because the funds move through mule accounts within hours, which makes the first day matter more than everything that follows. Contact your bank immediately to attempt a recall and freeze, report to the relevant authorities, and notify your insurer or broker the same day even if you are unsure the policy responds, while preserving the emails and their headers, since they are both evidence and the basis of any claim. The first-response discipline mirrors a cargo loss, set out in what to do in the first 24 hours after cargo damage.

Frequently Asked Questions

Does my freight forwarder's liability policy cover email fraud?

Usually not, because standard FFL covers physical cargo loss and legal liability, and many wordings exclude financial loss from fraud, cyber, or deception-induced transfers. A diverted payment is a voluntary parting with funds induced by deception, which is exactly what the exclusion targets, so you generally need a cyber or crime endorsement to be covered.

What is the difference between a hacked account and social engineering?

In a hack, the criminal gains access to a real email account and sends instructions from it, while in social engineering they impersonate a trusted party from a look-alike address without ever breaking in. Some cyber policies cover the hack but not the voluntary transfer that follows, so the wording needs to name social engineering and funds-transfer fraud, and it is worth checking that both are included.

If a client pays a fraudster instead of me, who loses?

It depends on the facts, but the dispute typically lands between you and the client, with each arguing the other should bear the loss, and the answer turning on whose systems were compromised and what verification was done. This is why a documented second-channel verification process protects you commercially as well as financially, and cover can respond depending on the wording and how the fraud occurred.

What controls do insurers expect before offering cyber cover?

Commonly multi-factor authentication on email, a verified-callback rule for any change of bank details or release instructions, domain spoofing protection, and staff awareness training, all of which are also the controls that prevent the loss in the first place. A forwarder with them in place is both safer and easier to insure.

Is this risk really bigger than cargo claims?

For many forwarders the financial exposure from a single diverted payment rivals or exceeds a typical cargo claim, and the frequency is rising as impersonation tools improve, with the FBI Internet Crime Complaint Center putting business email compromise near $3 billion in 2025 losses alone. The quiet nature of the scam is exactly why it is so often underinsured.

Voyage Conclusion

Payment diversion is the loss that does not look like a forwarding loss, which is precisely why the standard liability policy was never built to cover it and why so many forwarders discover the exclusion only after the money has gone. Verification controls stop most of it, and a cyber or crime endorsement meets the one that gets through.

Voyage places cover for Malaysian forwarders directly with the underwriters who write these risks, and can read your current FFL to show whether a diverted-payment or fraudulent-release loss would be paid. See freight forwarder's liability insurance, the freight forwarders and logistics view, and the related release and telex exposure. For a review, use the contact form or WhatsApp +60 19 990 2450 for a 48-hour indication.

Disclaimer: This article provides general guidance on payment diversion fraud and forwarder cyber exposure as of June 2026. Coverage terms, conditions, and availability vary by insurer, policy, and jurisdiction. Regulatory requirements differ between countries and may change.

Always review your specific policy wording and consult a qualified insurance or legal professional before making coverage decisions.