Allocation of Loss Caused by Business Email Compromise Scam in the Relationship between Creditor and Debtor of a Monetary Obligation
Abstract
In this paper, the author examines the private law consequences of a business email compromise scam (fraud) in the relationship between a creditor and a debtor of a monetary obligation. The situation involves a business entity (the debtor of the monetary obligation from the underlying transaction) receiving an email that appears to originate from the creditor but is actually sent by a third party – a fraudster – requesting urgent payment according to new instructions, typically to a foreign bank account. The first part of the paper serves as an introduction and explains the characteristics, causes, and types of such fraud. It then offers a legal-dogmatic analysis of the allocation of loss between the debtor, as the fraud victim, and the creditor of the monetary obligation. The author examines three questions: whether the will expressed in a fraudulent email can be attributed to the creditor, whether paying as instructed in the fraudulent email fulfils the contract, and whether the debtor has a right to seek damages from the creditor for making the email appear authentic. The final part of the paper gives an overview of domestic court practice on this issue. Based on theoretical and practical analyses, the author concludes that the loss from fraud due to the compromise of a business email will, as a rule, be borne by the debtor.
This work is licensed under a Creative Commons Attribution 4.0 International License.