In the courts: Could finance staffers be held personally liable for BEC scams?
The severity of email scams is escalating for you and your finance team.
Courts are now looking at whether individual employees – and not just corporate officers – could personally be on the hook for business email compromise (BEC) scams.
A prime example is the high-profile U.K. lawsuit Peebles Media Group Ltd v. Patricia Reilly.
Where does blame lie?
According to the lawsuit, Patricia Reilly, an employee, received emails from a hacker impersonating her boss and requesting wire transfers. Reilly wired more than $250,000 before realizing it was a scam. The company fired Reilly – and is now suing her for the $138,000 that wasn’t able to be recovered.
It’s arguing that Reilly was careless and should’ve known better. She, in response, is claiming she was never trained by the company to spot fraud.
Though the court has yet to make a ruling, this case shows how BEC scams are spiraling in new directions.
And though this case is taking place across the pond, it probably won’t be long before similar court cases start popping up in the U.S., seeing as email scams keep growing more prevalent.
IRS weighs in
In fact, this year, phishing topped IRS’ annual Dirty Dozen list (with phone scams getting silver and identity theft earning the bronze).
And in light of the continual growth of scams, the Service issued a news release with current details. IRS wants you and your staff to especially look out for BEC scammers who pose as:
- businesses asking you to pay a fake invoice
- employees wanting you to re-route a direct deposit, and
- someone you know/trust (e.g., an executive) requesting a wire transfer.
Protective measures
As IRS ramps up phishing awareness and the U.K. court case plays out, it’s vital to ensure the proper training is conducted and the right message is shared at your company right now.
Here are questions to reflect on, both within your own department and on a larger scale.
Proactive considerations
- Do all employees (A/P, A/R, Payroll, purchasers, managers, etc.) involved in payments have a thorough understanding of BEC scams and how to spot them?
- Does the company provide annual or quarterly training on scams? Are all employees included in this?
- Are employees ever tested with real-life examples of email scams?
- On the technological side, are there proper cybersecurity measures in place to help identify and thwart scams? Are these measures up to date?
Reactive considerations
- Do employees know who to contact at the company if a phishing attempt is uncovered? And do they know to report phishing attempts to IRS by sending it to phishing@irs.gov?
- Is there a step-by-step procedure to follow in the event of a scam (alert local law enforcement, contact insurance, etc.)? Is this procedure well publicized?
- Does company policy outline consequences (mandatory training, removal of system access, etc.) for those who repeatedly fall for scams?
Free Training & Resources
Further Reading
Productivity is essential to every finance professional. But being productive isn’t always easy when you’re pulled in many dire...
Most employers give out annual pay raises, according to a new survey. However, the increase isn’t enough to keep up with inflation. Th...
Twenty-six financial firms are on the hook for $392.75 million in fines for securities recordkeeping violations. Several of the brokers, de...
Interest rates for the second quarter will drop, the IRS recently announced. According to Revenue Ruling 2026-5, the rates for April, Ma...
Is there a single business in the U.S. that’s resisted raising prices since early 2020? Good luck finding one. But there’s a fi...
Late payroll-tax deposits will be more expensive, effective July 1. The IRS set the interest rate on tax underpayments at 7% for Q3, up ...