Legal Standards and Case Law on CEO-Fraud: Phishing and CEO fraud have become prominent tools in the arsenal of organized cybercrime. Increasingly, companies are not just targets but gateways through which substantial sums are misappropriated—often under the guise of legitimate internal instructions. The legal fallout is predictable yet complex: Who bears the financial loss when a manipulated employee executes a fraudulent payment? Can the company hold its bank liable, or does the responsibility fall on internal governance?
This article explores the legal framework governing the liability of phishing and CEO fraud victims, particularly from a civil law perspective. The analysis is grounded in recent German case law, interpreted within the context of the European PSD2 regime and modern organizational security obligations.