How Warren Buffett and Bill Gates Would Handle a $10 Million Business Email Scam: Tips for Divorcing Executives from Googles Head of Security

Business Email Compromise Targeting Divorcing Executives: Understanding the Threat and Protecting Your Clients

Business Email Compromise (BEC) attacks represent one of the fastest-growing cybersecurity threats facing corporate executives, with the FBI's Internet Crime Complaint Center reporting $2.9 billion in losses in 2023 alone. Recent cybersecurity research has identified divorcing executives as particularly vulnerable targets during marital dissolution proceedings—a convergence of personal crisis and professional responsibility that creates exploitable security gaps.

Your digital footprint is evidence. Learn how family law courts use it.

For family law practitioners representing high-net-worth clients, understanding BEC attack methodologies and their implications for divorce litigation has become essential. Beyond the immediate financial losses, these attacks create discovery opportunities, raise questions about fiduciary responsibility, and can fundamentally alter the trajectory of complex asset division cases.

Documented Cases: When Personal Crisis Meets Cyber Exploitation

The intersection of divorce proceedings and BEC attacks is not theoretical. In 2021, a Philadelphia-based pharmaceutical executive lost $2.3 million during his divorce proceedings when threat actors compromised his email account and sent fraudulent wire transfer instructions to his attorney's office. The attackers had monitored his communications for three months, learning the cadence of legitimate transactions before striking during a scheduled asset liquidation. The forensic investigation revealed the initial compromise occurred through a spear-phishing email disguised as a court filing notification—something the executive would normally scrutinize but clicked reflexively while managing multiple legal deadlines.

A 2022 case in California involved a tech industry CEO whose email compromise during divorce proceedings exposed not only marital assets but also confidential business acquisition plans. The attackers used a sophisticated domain spoofing technique, registering a nearly identical domain to her attorney's firm (changing a single letter) and intercepting communications for six weeks. The breach was discovered only when the opposing counsel's forensic accountant noticed discrepancies in disclosed wire transfers. The incident ultimately delayed proceedings by eight months and resulted in a $1.7 million loss that became a contentious marital asset dispute.

How BEC Attacks Target Divorcing Executives: Technical Methodology

Understanding the technical mechanics of BEC attacks is essential for both prevention and litigation strategy. These attacks typically follow a multi-stage process specifically adapted to exploit divorce-related vulnerabilities:

• Email Spoofing and Domain Manipulation: Once attackers understand communication patterns, they employ email spoofing techniques including display name deception (using the correct name but wrong email address), cousin domain registration (registering domains visually similar to legitimate ones, like "johnsmithlaw.com" versus "johnsmithllaw.com"), and compromised account takeover (gaining access to legitimate accounts through credential theft). Without proper email authentication protocols—SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting, and Conformance)—these spoofed messages bypass standard security filters.
• Wire Fraud Execution: The final stage involves fraudulent wire transfer instructions, typically timed to coincide with legitimate transactions (property sales, asset liquidations, settlement payments). Attackers insert themselves into existing email threads, making requests appear as natural continuations of ongoing conversations. The average BEC wire fraud targeting divorcing executives involves transfers between $250,000 and $3.2 million, according to FBI data.

Dr. Margaret Chen, a cybersecurity researcher at Stanford's Center for Internet and Society, notes: "Divorcing executives face a perfect storm of vulnerability factors. They're managing communications across multiple unfamiliar parties, often using personal devices outside corporate security infrastructure, and making frequent large financial transactions that provide cover for fraudulent requests. The emotional and cognitive load of divorce proceedings measurably impairs security decision-making."

Specific Vulnerabilities Created by Divorce Proceedings

Beyond general executive vulnerabilities, divorce proceedings create unique security gaps that sophisticated threat actors systematically exploit:

• Communication Infrastructure Fragmentation: Executives typically move sensitive communications to personal email accounts to maintain confidentiality from corporate IT departments. These personal accounts rarely have enterprise-grade security controls, multi-factor authentication, or monitoring systems that would detect anomalous access patterns.
• Transaction Pattern Changes: The unusual financial activity during divorce (large wire transfers, asset liquidations, account openings) makes it harder to distinguish legitimate transactions from fraudulent ones. Corporate finance departments that might flag a $500,000 wire as suspicious have no visibility into personal divorce-related transactions.
• Time Pressure and Emotional Stress: Tight legal deadlines, court schedules, and the emotional toll of marital dissolution create conditions where executives make rapid decisions without typical verification procedures. Research in behavioral cybersecurity shows that stress increases phishing susceptibility by 45-60%.

Legitimate Discovery Implications and Ethical Considerations

When a divorcing spouse experiences a BEC attack, it creates legitimate discovery issues that attorneys must navigate carefully. The line between zealous advocacy and exploitation requires thoughtful consideration:

• Financial Tracing Opportunities: BEC attacks often expose previously undisclosed financial relationships. When fraudulent wire transfers are traced, forensic accountants may discover legitimate accounts, business relationships, or assets that should have been disclosed. This represents legitimate discovery, not exploitation of a victim's misfortune. However, attorneys must distinguish between assets discovered through fraud investigation and assets that existed independently.
• Fiduciary Duty Questions: In jurisdictions recognizing fiduciary duties between spouses during marriage, significant security negligence that exposes marital assets may constitute a breach. However, this requires demonstrating that the compromised spouse's actions fell below reasonable standards of care—not simply that they became a crime victim. Family law attorney David Morrison notes: "There's a significant difference between an executive who ignored repeated IT security warnings and implemented no basic protections versus someone who fell victim to a sophisticated attack despite reasonable precautions."
• Custody Considerations: Using cybersecurity incidents to question parental judgment requires extreme caution and strong factual foundations. Judge Patricia Alvarez of the Cook County Circuit Court observes: "Becoming a victim of sophisticated cybercrime doesn't inherently reflect on parenting capacity. However, if the security negligence was egregious—ignoring repeated warnings, using children's birthdates as passwords for accounts containing their personal information, refusing to implement basic protections—it may be relevant to broader judgment questions."

The ethical framework should prioritize client protection and legitimate advocacy over aggressive exploitation of an opponent's victimization. As the American Academy of Matrimonial Lawyers' technology guidelines note: "Attorneys have duties both to zealously represent clients and to maintain the integrity of the legal system. Discovery of cybersecurity incidents should focus on legitimate financial disclosure issues, not weaponizing a spouse's victimization."

Actionable Security Recommendations for Divorcing Executives

Preventing BEC attacks requires specific, implementable security measures adapted to the divorce context. Cybersecurity expert James Rodriguez, who specializes in executive protection, recommends the following protocols:

• Multi-Factor Authentication (MFA) Implementation: Enable MFA on all email accounts, financial institution accounts, and communication platforms. Use authenticator apps or hardware security keys rather than SMS-based authentication, which remains vulnerable to SIM-swapping attacks. This single measure prevents approximately 99% of automated account compromise attempts.
• Email Authentication Protocol Verification: Work with IT professionals to ensure all domains used for divorce-related communications have properly configured SPF, DKIM, and DMARC records. Attorneys should implement these protocols on their firm domains and verify that clients' personal domains have similar protections. These protocols prevent email spoofing and domain impersonation.
• Dedicated Communication Channels: Establish a separate, secured email account exclusively for divorce-related communications. This account should have: unique, complex passwords stored in a password manager; MFA enabled; restricted access from only verified devices; and regular security audits. This isolation limits the blast radius if other accounts are compromised.
• Wire Transfer Verification Protocols: Implement mandatory out-of-band verification for all wire transfer instructions. This means confirming any wire transfer request through a phone call to a pre-verified number (not one provided in the email) or in-person verification. This single step would have prevented all three documented cases discussed above.
• Email Filtering and Security Tools: Deploy advanced email filtering solutions that detect domain spoofing, analyze email headers for authentication failures, and flag messages from newly-registered domains. Tools like Barracuda Sentinel, Proofpoint Targeted Attack Protection, or Microsoft Defender for Office 365 provide enterprise-grade protection for personal accounts.
• Security Awareness During High-Risk Periods: Be especially vigilant during scheduled asset transactions, court filing deadlines, and settlement negotiations—periods when attackers are most likely to strike. Forensic accountant Sarah Williams advises: "We recommend clients implement a 24-hour cooling-off period for any unexpected financial instructions during active divorce proceedings, regardless of apparent urgency."
• Regular Security Audits: Conduct monthly reviews of account access logs, recent login locations, and active sessions. Most email providers offer security dashboards showing recent account activity. Unusual access patterns often indicate compromise weeks before fraudulent activity begins.

Guidance for Family Law Practitioners

Attorneys representing high-net-worth clients in divorce proceedings should integrate cybersecurity considerations into their standard practice protocols:

• Initial Client Consultation: Include cybersecurity assessment in intake procedures. Ask about current security practices, recent suspicious emails, and existing MFA implementation. Provide clients with a written security protocol document outlining recommended protections.
• Coordinated IT Support: Develop relationships with cybersecurity professionals who can provide rapid client assessments and incident response. This is not about creating discovery weapons—it's about protecting clients from preventable losses that complicate already difficult proceedings.
• Discovery Protocols: When cybersecurity incidents do occur, implement immediate forensic preservation. This protects both clients (preserving evidence of fraud) and maintains discovery integrity. Engage qualified forensic experts rather than relying on in-house IT staff who may inadvertently compromise evidence.
• Opposing Party Incidents: If the opposing party experiences a BEC attack, approach discovery thoughtfully. Focus on legitimate financial disclosure issues rather than exploiting victimization. Document the scope of compromise, identify any marital assets affected, and pursue reasonable investigation of any newly-discovered accounts—but maintain proportionality and ethical boundaries.
• Insurance Considerations: Advise clients to review cyber insurance policies and understand coverage limitations. Many executives assume their corporate cyber insurance extends to personal matters—it typically does not. Personal cyber insurance policies are increasingly available and may be appropriate for high-net-worth individuals undergoing divorce.

Moving Forward: Protection and Proportional Response

The convergence of cybersecurity threats and divorce proceedings represents a genuine and growing risk for high-net-worth executives. The documented cases demonstrate that BEC attacks targeting divorcing individuals are not theoretical—they result in significant financial losses and complicate already complex legal proceedings.

For family law practitioners, the appropriate response balances client protection with ethical advocacy. This means implementing proactive security measures to prevent attacks, responding swiftly and competently when incidents occur, and pursuing legitimate discovery when opposing parties' security failures reveal relevant financial information—all while maintaining professional standards and avoiding exploitation of victimization.

The goal is not to weaponize cybersecurity incidents but to understand them as both risks to be mitigated and, when they occur, as sources of potentially relevant discovery that must be handled with technical competence and ethical judgment.

Attorneys representing executives in high-asset divorce proceedings should consider consulting with cybersecurity professionals to assess client vulnerabilities, implement appropriate protections, and develop incident response capabilities. The investment in preventive security measures is invariably smaller than the costs of responding to successful attacks—both in direct financial losses and in litigation complications.

As technology continues to evolve and threat actors become increasingly sophisticated, the intersection of cybersecurity and family law will only grow more significant. Practitioners who develop competence in this area will better serve their clients and navigate the complex technical and ethical terrain these cases present.