Business Email Compromise: The Most Prevalent – and Preventable – Cyber Risk
Wednesday, January 24, 2024
Business Email Compromise Cybersecurity
Print Mail Download i

Ransomware attacks that shut business down to zero and data breaches that disclose the personal information of customers, vendors and employees justifiably strike fear in the hearts of executives everywhere. Organizations can suffer the reputational and financial consequences of these events for years to come. Due diligence in the current regulatory environment requires a plan for prevention and incident response.

But while ransomware and data breaches grab the headlines, business email compromise is overall the most prevalent and costly form of cybercrime. That’s because business email compromise is occurring every minute of every day. It’s a cybercriminal’s low hanging fruit.

Even the most sophisticated among us has been fooled by cybercriminals’ ever-more-savvy social engineering. Fraudsters can pose as a business partner more credibly than ever, through use of deceptively similar email addresses, alteration of the company’s real email chains, and alteration of familiar business forms. They learn the context of the financial transaction at issue in advance so they can cloak the crime in familiarity and take advantage of our reliance on email to get things done quickly. Millions in company funds have been unwittingly wired to fraudsters’ bank accounts, with discovery of the fraud occurring too late for claw back.

An Ounce of Prevention Is Worth a Pound of Cure

Combatting losses from business email compromise is straightforward. Institute an internal procedure for verification of authenticity prior to making payments, and regularly train your employees on social engineering techniques.

Many insurance policies covering social engineering losses require proof of such internal procedures and training as conditions of coverage. The limits available may also be insufficient to cover the entire loss. If sufficient coverage is unavailable, liability for diverted payments is typically apportioned to the party who was in the best position to avoid the loss.

Payment verification procedures and employee training – along with basic cybersecurity measures such as two-factor log-on identification and social engineering insurance – go a long way toward protecting the company’s bottom line from fraudsters and consequential harm to business relationships.

© 2024 Bradley Arant Boult Cummings LLP

Current Legal Analysis

More from Bradley Arant Boult Cummings LLP

Governor Signs PTE Tax Simplification Bill into Law
by: Bruce P. Ely , William T. Thistle, II
Another Day on the Solar Coaster: Coalition of Domestic Module Manufacturers Seeks Imposition of Additional Duties Against Imported Photovoltaic Cells
by: Monica Wilson Dozier , Amandeep S. Kahlon
CFPB Supervisory Highlights, Mortgage Servicing Edition, Shed Light on Agency Priorities – “Junk Fees” and Loss Mitigation
by: Christy W. Hancock , Robert Maddox
Practical Advice Regarding FTC’s Non-Compete Ban for Employers
by: Labor and Employment Practice Group
FTC Moves to Strike Most Noncompetes: Considerations for Cannabis Companies
by: Hillary Campbell , Najla Long
Unearthing the Truth: How Ambiguity Excavated a Win in False Advertising Claim
by: Danner Kline
Noncompetes Gone! FTC Issues Final Rule Banning Noncompete Clauses Nationwide
by: J. William Manuel , Anne R. Yuengert
Federal Trade Commission Alters Employment Landscape Through Nationwide Noncompete Ban
by: Brian A. Hayles , Michael P. Fischer
Raising the Threshold: DOL Issues Final Rule on Overtime Exemption Salary Requirements
by: T. Matthew Miller , Anne R. Yuengert
Biden Administration Enlists Public in Effort to Identify Potential Antitrust Violations in Healthcare Sector
by: Michael P. Fischer , Najla Long

Upcoming Legal Education Events

 

NLR Logo

We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins