This case utilizes a real-world example of a cyberfraud incident at a U.S. public company. The company was the victim of a Business Email Compromise (BEC) scheme in which an employee inadvertently wired millions of dollars to fraudulent accounts based upon email instructions purportedly sent by a company executive and external legal counsel. This is a timely and important issue to examine given its rising prevalence and magnitude in the corporate world. The case allows students to examine a topic (phishing techniques and email scams) which they are likely to be familiar with on a conceptual level, through the lens of internal controls and auditing. Examining the case information, SEC filings and articles from the business press, students will gain an understanding of internal control issues related to BEC and critically think of ways to remediate or implement controls to reduce cybersecurity risk. Students will research PCAOB, AICPA and SEC policies regarding cyberfraud disclosure and the auditor's role in cybersecurity. They will gain an understanding of the financial and nonfinancial impact of BEC on corporations. The case also requires students to consider the growing responsibilities of auditors related to technology and its associated risks.