When One Payment Becomes a $545,000 Problem 

Surfside Beach is now dealing with investigations, insurance disputes, personnel fallout, and the challenge of explaining to taxpayers how half a million dollars vanished in a single transaction.

Jul 15, 2026

When One Payment Becomes a $545,000 Problem 

A few months ago, the town of Surfside Beach, South Carolina authorized a routine payment to a construction firm for underground utility work.

The payment left the town’s accounts but never reached the contractor. Instead, more than $545,000 was quietly redirected to a fraudulent account controlled by scammers. 

Investigators believe attackers intercepted or manipulated email communications somewhere between the town and the vendor, injecting bogus bank details into what looked like a legitimate invoice and payment request. Internal town systems show no evidence of breach, yet the loss is real, recovery is uncertain, and insurance coverage has already been challenged. 

If you move large payments, this story should feel uncomfortably familiar. Business email compromise and payment fraud usually don’t start with exotic malware or a full-blown network intrusion. They start with a trusted relationship, a real obligation, and a subtle change to the instructions that no one notices in the rush to get money out the door. 

Traditional defenses like awareness training, manual reviews, and dual approvals (i.e. “we follow our process”) struggle against this kind of attack because they all rely on people alone and lack technical protections. Once a compromised email thread becomes the de facto source of truth, a single oversight can turn an ordinary disbursement into a six- or seven-figure loss, and your team may not realize it until the vendor calls asking why the funds never arrived. 

Conduit exists to break that pattern. By validating counterparties, screening payment instructions, and enforcing policy inside the payment workflow, Conduit ensures the payment you intend to send is the payment that goes out, no matter who has seen or tampered with the surrounding email. Instead of relying on perfect execution of your policies every time, you get embedded controls that ensure best practices are followed and automatically escalate risky behavior before money moves. 

Surfside Beach is now dealing with investigations, insurance disputes, personnel fallout, and the challenge of explaining to taxpayers how half a million dollars vanished in a single transaction. For any organization moving large payments, the lesson is clear: security breaches are not causing massive losses. Instead, social engineering tricks, used at scale, are causing the biggest financial losses 

Contact Us