Generally, hackers will have done some type of monitoring/transaction testing of the corporate account before a monetary theft is made.