

Protect Your Business from Email Account Compromises – The National Law Review



Scamming, phishing, pharming, vishing — people in the business world are well aware that hackers and other fraudsters have developed a myriad of schemes designed to obtain sensitive personal information and money.  Every year, these schemes cause businesses to suffer significant financial losses.  The FBI estimates that in 2020 business email compromise (“BEC”) and email account compromise (“EAC”) schemes caused losses of $1.86 billion.  To combat these schemes, companies spend thousands of dollars to secure their computer systems and train their employees to recognize and prevent fraudulent schemes from succeeding.  But no matter the preventative steps taken by businesses, hackers and fraudsters manage to stay one step ahead with new, creative schemes.
A recent fraud that businesses have unfortunately experienced is EAC, where hackers gain access to and use legitimate business email accounts of vendors and service providers to direct customers to send money to unauthorized accounts.  EAC affects businesses ranging from small to large and can occur in any industry, including financial institutions, real estate, contractors and law firms.  In a typical EAC scenario, hackers gain access to a person’s actual email account and are able to monitor the incoming and outgoing correspondence in order to learn business practices, customer information and payment terms.  At an appropriate time, the hackers use the email account to send payment instructions to a customer who legitimately owes money to the purported author’s company.  The customer receiving the email has likely communicated with the company and its employees previously and, having no reason to suspect the hacking, follows the directions and sends payment (ranging from thousands to millions) to a fraudulent account.  By the time everyone realizes what has happened, the hackers and the money are long gone.
Because EAC is a relatively new fraud phenomenon, very few courts have had the chance to consider and decide the issue of who amongst the affected parties will ultimately bear the loss.  Published legal decisions suggest that courts are tending to place liability on the party who was, in a given factual scenario, better able to prevent the fraud.
As governing legal doctrines are established, however, businesses are left to figure out how best to protect themselves from EAC and the resulting losses.  Thankfully, numerous means of protection from EAC schemes are available.  Three of the easiest are: (1) documentation, (2) communication and (3) insurance.
Prior to doing business with each other, vendors and their customers should memorialize the terms of their relationship in written contracts.  In addition to the typical terms one expects to see in contracts (e.g., scope of work, agreed-upon price and timelines), authorized payment methods and allocation of risk should be included.  By agreeing up front as to how and where payments are to be made, the parties can ensure that any potential future EAC communications regarding payment will be immediately flagged and investigated.  Moreover, by delineating who bears the risk of loss, should computer systems be compromised and payments be diverted, the parties will understand the duties and obligations they owe to one another and will hopefully take the steps necessary to protect their systems.
When payments are owed and transfer of money between businesses is necessary, any emails received that contain directions for payments to be made to specific accounts or by certain methods should be verified prior to release of funds.  The employee responsible for initiating the transfer of funds should not simply trust the email, even when it appears to have been sent from a legitimate and verified email account.  Instead, they should personally reach out to the person who supposedly sent the email, either in person or via a telephone call, to confirm the directions are legitimate and the accounts actually belong to the company that is ultimately entitled to receive the payment.  Only after successfully verifying authenticity of the payment instructions should the person initiate the fund transfer.
Businesses can and should obtain cyber-security insurance riders (which are not automatically part of standard business insurance policies) that provide coverage for losses caused by EAC and other information security breaches.  Such policies provide an added layer of protection for companies when fraud is not timely discovered or prevented.  All businesses should ask their insurance agents to confirm what cyber-security insurance options are available to them.
Although EAC and other information security fraud will unfortunately continue to plague the business world, companies can, by implementing these recommended practices, often prevent and/or protect against the significant consequences they might otherwise face.
About this Author
For more than 20 years, Heather has focused her practice on commercial litigation. She has represented individuals, as well as businesses in a broad spectrum of industries, including contractors and manufacturers, financial institutions, luxury good retailers, real estate developers, closely held corporations, partnerships and publicly traded companies. Her clients have ranged in size from small start-ups to large global conglomerates and everything in between.
She has extensive litigation experience in a wide variety of legal disputes, including trademark and copyright infringement…




Realm Scans: Navigating the Uncharted Territories of Digital Discovery



In the expansive landscape of digital exploration, there exists a realm where information becomes an adventure—Realm Scans. Beyond a mere scanning service, this digital haven is where curiosity converges with innovation, and the uncharted territories of digital discovery come to life. Join us as we embark on a journey to unravel the unique dynamics of Realm Scans, navigating through the realms where information is not just scanned but transformed into a digital odyssey.

“Digital Horizons: Exploring the Essence of Realm Scans” is not just a title; it’s an exploration into the multifaceted dimensions of a scanning service that transcends the mundane. This article is an invitation to delve into the layers of technological prowess, user-centric design, and the transformative impact that defines Realm Scans in the dynamic world of digital information.

At the core of Realm Scans lies a commitment to redefining how we interact with information. “Digital Horizons” delves into the innovative features and functionalities that make Realm Scans more than just a scanning service. It’s a digital gateway where documents become gateways to exploration, and information is a portal to new discoveries.

A standout feature is the user-centric approach that defines the Realm Scans experience. “Digital Horizons” explores how user interface design, accessibility, and intuitive navigation are seamlessly integrated to create an environment where users don’t just scan documents—they embark on a digital journey of discovery.

Realm Scans is not confined by the traditional boundaries of scanning; it is a catalyst for a digital revolution. “Digital Horizons” illustrates how Realm Scans empowers users to go beyond the expected, transforming the act of scanning into a dynamic and enriching experience that transcends conventional notions.

As we navigate through the digital horizons of Realm Scans, the article becomes a celebration of the fusion between technology and user experience. It is a recognition that in the world of digital services, there are realms where functionality meets innovation, and where information is a gateway to new digital frontiers.

“Digital Horizons: Exploring the Essence of Realm Scans” is not just an article; it’s an ode to the tech enthusiasts, the information seekers, and the digital explorers who recognize the profound impact of a scanning service that goes beyond the surface. It’s an acknowledgment that in the realms of digital discovery, Realm Scans stands as a beacon, inviting users to embrace the transformative power of information in the digital age.

As Realm Scans continues to redefine the digital scanning landscape, “Digital Horizons” invites us to appreciate the nuances of a service that transforms the ordinary into the extraordinary—an exploration where every scan is not just a document but a digital adventure waiting to be unfolded.
