“The scheme is usually not detected until the company's internal fraud detections alert victims to the request or company executives talk to each other to verify the transfer was made.”

Bulletin by the Internet Crime Complaint Center, quoted by CFO.com