Business Email Compromise

Email is the starting point of 91% of cyberattacks. It’s both a large vulnerability and an inevitable one, because so often email is how we communicate with people we already know and trust (like business partners), and with people we might soon get to know (like potential clients).  It is easier to exploit our errors, assumptions, and lack of awareness than to exploit software flaws.  That is why hackers, spoofers, and phishers sink their fangs extra deep into email, and into the businesses compromised by email.

If a business principal’s email gets hacked, or a phishing attempt exposes vital business data, relationships with vendors, customers, and partners can suffer. Multiple parties may suffer losses as hackers insert themselves into payment processes, stealing money and hurting reputations in the process. Often holding the hackers accountable is not an option, either because they are too difficult to find, or because they are outside of the US.  Because neither legitimate party wants to absorb the loss, litigation usually follows a breach of a business’s email.

Chatow Law can help with the litigation. We can help if you have been blamed for an email breach, or if you have suffered damages due to an email breach and its consequences.  You can contact our office in Orange County, CA now, or read on to find out more.

Types of Business Email Compromise

Though we hear a great deal about large, public data breaches that happen at various major corporations, scammers rarely go after data directly. More often, they’re after a quick payout from whomever they can fool. 

• They may hack into a CEO’s account so they, masquerading as the CEO, can email instructions to employees to make certain purchases.
• They may email fake invoices to the supplier, diverting funds to their own bank account.
• They sometimes impersonate lawyers who demand fake debt or retainer payments.
• Some have generated fake lease renewals to steal deposits or rent payments.
• Some pretend a fake merger or acquisition is underway. 

Most of these scams involve diverting legitimate payments to the scammer’s account. Of course, it doesn’t take long for a business email compromise to cause chaos. Vendors and landlords (for instance) still want to be paid, but businesses’ owners or staff believe they’ve already made the payments. Disputes can and often do explode before anyone is even aware a business email compromise has taken place. 

Liability in a Business Email Compromise Case

Liability most often lies with the party who failed to exercise “ordinary care” in delivering a payment to a fraudulent entity. That is, liability most often lies with the party who was in the best position to prevent the fraud. In some cases, neither the vendor nor the company is found liable, in which case the courts have determined the bank was in the best position to prevent fraud and therefore is liable.

Regardless of who caused the breach, if one party is contractually obligated to make payments to another party, they are generally still required to make those payments, even if they lost money to a hacker. Yet even here there are exceptions. In cases where the true vendor has led the company to reasonably believe the hacker worked for the vendor, the courts have ruled that the victims did not need to make those payments to the vendor. Courts also pay attention to whether there were any obvious red flags that any party may have ignored or glossed over. 

Damages in a Business Email Compromise Case

The most likely resolutions are:

• The company that paid the fraudulent transaction pays again, this time to the legitimate vendor, because its staff failed to exercise ordinary care, is in possession of the vendor’s products or services, and is under contract.
• The vendor is instructed to absorb the loss. The company keeps the inventory, and the vendor has to give up the products without receiving payments.
• The bank is instructed to compensate one party or the other for the loss. 
• Any normal remedy could be offered under a standard breach of contract claim.

In some business email compromise cases, it is wise to pursue mediation to minimize losses on all sides and preserve the relationships between vendors and the companies they serve.

Litigating Business Email Compromise Cases on a Contingency Basis

It is possible that we can litigate your case on a contingency basis, rather than on a pay-as-you go hourly basis.  Probably because of the damages and possibly for other reasons, your money may be tied up temporarily.  We understand that, which is why we may be able to work you in such a way that you only pay a percentage of the settlement or judgment if and when we win your case and you collect your award.  You can find out more about the contingency business litigation option here.