Guess it all depends on how the original account in question is set up. Naïve person that I am, if I was establishing a bitcoin-oriented business today, I'd be doing it with multi-sig (M of N signatures required to move funds), requiring multiple company officials to agree on funds movement, and expect that anyone joining me in the business would absolutely expect such a setup. Otherwise they'd see it as a huge red flag and jump ship, warning others away as well.

So a scammer would need to steal additional keys to abscond with the funds, and would need to act promptly to remove the funds before honest actors in the company realized something was amiss and took steps to move/safeguard the funds themselves.

Until such basic expectations about good business practices are absolutely standard across the bitcoin community we'll continue to be plagued by scams that could have been avoided.