A loan provider fell victim to a phishing email, leading to business email compromise (BEC). The BEC resulted in their accountants sending seven fraudulent transactions totaling approximately $3M. When the policyholder attempted to implement multifactor authentication (MFA), they discovered a threat actor had already done it. Unfortunately, because the last fraudulent transaction occurred two months before the reported claim, Coalition could not recover any of the stolen funds. Ultimately, the policyholder’s coverage kicked in and their losses were partially covered, but they still experienced significant losses.