Recent criminal charges based on a business email compromise scheme that induced two U.S.-based internet companies to wire more than $100 million to a fraudster’s bank accounts serve as a reminder that any company can fall prey to a phishing attack. Companies must ensure they are doing what they can to avoid becoming victims. “This case shows there are few limits on the amount of money that you can potentially extract in attacks like this as long as you find a company with those kind of resources and some weakness in its financial controls,” Serrin Turner, a Latham & Watkins partner and former lead cybercrime prosecutor for the Southern District of New York’s U.S. Attorney’s office, told the Cybersecurity Law Report. With input from Turner, we discuss the facts behind the indictment and offer advice on how to prevent and mitigate damages from these types of attacks. See also “Advice From Blackstone and Tiffany CISOs on Fighting Cybercrime” (Nov. 2, 2016).