A vast array of cybersecurity threats costs businesses billions of dollars each year. In early 2016, the FBI issued a warning to American businesses about “business email compromise” (BEC) scams, also known as “CEO fraud.” It stated that the number of incidents involving this type of scam, along with the amount of associated losses, has quickly increased in the past few years. New York and New Jersey business owners should be aware of what this type of scam involves, and their potential liability should they be the victims of such a scam.
A typical BEC scam involves the use of a company’s own email network, or an email address made to look like an internal company email, to pose as the CEO or another high-level executive. The scammer, commonly known as the “imposter,” contacts a lower-level executive or employee and directs them to take certain actions, such as wiring money to an account that the imposter controls. By the time the company becomes aware of the scam, the imposter has usually withdrawn the money and closed the account. The BEC scam is similar to scams known as “phishing,” in which a scammer solicits personal information from people through emails made to look like they come from a bank or another legitimate entity.
A business could face various types of liability if it is the victim of a BEC scam, depending on the nature of the scam and the resulting loss. If the scam somehow compromises secure business information, such as customers’ payment information, the business could be liable to those customers for their damages from the identity theft and other misuse of that information. Guarding against BEC scams should be part of every company’s cybersecurity strategy.