A fresh spin on a familiar wire transfer scam is spreading through the banking world – and most bankers don’t hear about it until it happens to them.

It goes like this: A bank receives a request from a business customer who wants to make a wire transfer. Bank staff proceed through all the necessary steps to authenticate the transaction, including calling up the business in question to confirm that they did, indeed, initiate the wire transfer. Confident that it has done its due diligence, the bank makes the wire transfer – only to later receive a panicked phone call from the business in question over an unauthorized wire transfer. How could this have happened?

The weak link this time is in the callback, which once stopped a lot of fraud in its tracks. Frustrated by bankers’ due diligence, some criminals attempting fraudulent wire transfers have taken to hacking into and rerouting legitimate businesses’ phone systems, so they can intercept bankers’ attempts to authenticate wire transfers.

“The main thing the banks always hung their hat on is, we always do callbacks. The problem is, the call back is supposed to be out of band,” said Will Nowick, a principal at the Boston-based firm Wolf & Co.

While Nowick and his colleagues had heard murmurings about this type of scam for some time, they have recently identified specific circumstances where this has taken place in the Northeast United States. In other words, it’s no longer a hypothetical situation.

With phones and computers increasingly interconnected, it doesn’t take much for a tech-savvy thief to reroute the call once they’ve gained a foothold in an organization.

One potential solution, recommended by Nowick and acclaimed cybersecurity journalist Brian Krebs, that bankers could suggest to some of their larger commercial clients: banking on a live CD. That involves essentially rebooting the computer with Linux using a CD or USB drive and doing your banking that way. Your computer could be covered in malware, but hackers won’t be able to lay their hands on those banking credentials this way.

There’s one major snag to that solution, however.

“You’re definitely taking some time away from them doing their work, but at the same time, you’re raising the level of assurance that the digital identity that’s coming into the bank to request a transfer is who they say they are,” Nowick said.

Whether the scam du jour is phishing, spear phishing or email spoofing, it seems like bankers are constantly playing catch-up with fraud. And the speed with which fraudsters shift their tactics means that bankers need near-daily security updates and regular briefings with each other and their clients about the evolving threat landscape.

“There’s a heightened awareness among bankers, particularly in the area of business banking and in the area of wires,” said Hal Tovin, chief operating officer at Belmont Savings Bank. “If you’d asked us three years ago, we didn’t really have this kind of education. Now we have in person education with our customers. We invite them in, we provide them information by email and we provide them with security software.”

Belmont Savings Bank also tests and trains its own employees. Elizabeth Osborne, the bank’s chief information officer, attends seminars and forums to learn about the latest scams, and then she comes home and tries to pull those scams on the bank’s own employees.

For all the headline-grabbing attention that cybercriminals garner, check fraud is actually still one of the top fraud concerns for small businesses, said Richard Sardellitti, director of corporate security and fraud at East Boston Savings Bank. For that, business customers can avail themselves of solutions like Positive Pay, and of course, bankers urge them to monitor their bank accounts daily for unauthorized activity.

Bankers also advise their business clients to be on the lookout for internal fraud by their own employees. And of course, wire fraud and other electronic payments fraud are a top concern.

Every bank deals with it a little bit differently, but they share some common themes: education, communication and information sharing. Citizens Bank, for instance, has a team whose sole job is to monitor accounts for potential fraud, said Kristopher Puskar, director of sales strategy and partnerships on Citizens’ business banking team. They share information about the latest threats with other departments within the bank, and its bankers, in turn, share that information with their clients on a regular basis.

And Rockland Trust networks with accounting firms who are often in a better position to warn clients of potential vulnerabilities before a business falls victim to a scam, said Stacey Coyne, vice president of cash management and business development officer. After all, she said, the bank often doesn’t hear from a customer until after their account has been compromised.

Bankers might also find themselves battling misconceptions when they talk to their clients about fraud prevention.

“The most common one that we hear is ‘That’s not going to happen to me.’ [Customers] feel like, they hear these stories out there, but ‘That’s not going to happen to me because I do this, or I have this in place,’” Puskar said. “Another misconception might be, ‘As long as I report it in a timely manner, it’s not going to be on me. The bank will do whatever they can to make me whole.’”

Even if the bank can ultimately make a customer whole again from a monetary standpoint, that fraud victim will likely still have to deal with problems like temporarily frozen accounts, reputational damage and lost time. Sometimes bankers resort to sharing horror stories or frightening numbers to help hammer home their message.

“What’s very impactful for me is [telling people that] companies under 100 employees lose an average of 5 percent, or $154,000 annually, to fraud,” Coyne said. “When we talk about that with our customers, that’s impactful. Sometimes you have to use those research and studies.”

Editor’s Note: This story has been updated to correct the spelling of Kristopher Puskar’s first name.

Criminals Find A New Path To Profit

by Laura Alix