Foley Hoag Publishes BEC Legal Trends and Strategies Guide

Why it matters

Foley Hoag LLP released an article on April 6, 2026, analyzing current legal trends and prevention strategies for business email compromise (BEC) attacks: sophisticated cybercrimes that use spoofed or compromised emails to exploit trust and induce fraudulent wire transfers. BEC schemes, including variants like vendor email compromise (up 66% in H1 2024) and attorney impersonation, have caused massive losses. In 2018 the SEC investigated nine public companies over ~$100M in BEC-related wire fraud attributed to inadequate internal accounting controls under Section 13(b)(2)(B) of the Securities Exchange Act.[1][3]

Key players include the SEC, which issued a 2018 report that urged companies to reassess their cybersecurity controls, without enforcement, while warning of potential material weaknesses, lawsuits, and investor risks; law firms like Foley Hoag, which provide guidance; and victims such as public companies and financial entities facing rising BEC threats.[1] Evolving legal pressures encompass due diligence requirements, GDPR breach reporting (within 72 hours), CAN-SPAM penalties of up to $53,088 per violation, and court scrutiny of "ordinary care" in contracts.[3][5]

This stems from BEC's escalation to the top cyberattack method per 2024 surveys, which has prompted updated strategies like MFA, employee training, dual approvals, and anomaly detection in the absence of dedicated CIS controls.[2][6][9] It is newsworthy now because of the fresh April 6 analysis, which arrives amid 2026 attack surges (e.g., smarter phishing, data theft), regulatory demands for documentation and training, and tools like ITDR/XDR gaining traction for prevention.[3][4][15]
