In the scenario the OP describes, the wire could be made in person. The new twist is that a vendor/client of the bank's customer has their email hacked and a fake email is sent to the bank's customer saying "Hey, we've updated our account info. Please remit your outstanding invoice here..."
The bank's customer comes into the bank, fills out a wire request in person and off the money goes to the wrong place. The bank is not out any funds, but the bank customer who acted on the fake email is. This will trigger investigations, SARs, etc. Short of asking every customer, "Did you receive these wire instructions via email and if so, did you call and verify with the sender in person...?" our options are limited.
Hence my suggestion to share advice like that with all your clients on a larger scale to open their eyes to potential red flags.
Sola Gratia, Sola Fides, Sola Scriptura, Solus Christus, Soli Deo Gloria!www.tcaregs.com