Law Firm Victimized by Hackers Looks to Bank for Redress – But Who is Really at Fault?
A Pennsylvania law firm, O’Neill Braff & Staffin, fell victim to e-mail hackers and a wire fraud scam and improperly wired $580,000 to the Bank of China. Upon realizing his mistake, the attorney who initiated and verified the wire attempted to cancel it. He contacted the firm’s bank, Bank of America, and ordered cancellation. However, it was too late. The funds were transferred to Bank of China, and Bank of America was unable to recover the funds.
The firm is suing Bank of America for failing to stop the wire. But BOA is fighting back arguing that the wire was properly initiated by one of the firm’s name partners. BOA then phoned the attorney for verification via PIN, which the attorney provided. Sometime thereafter, the attorney learned that he was the victim of fraud. The fraud occurred in a simple e-mail spoof. The attorney received an e-mail from one of his partners, another name partner, asking that he send the wire on behalf of a client while he was out of the office. The e-mail contained detail of the client and was familiar and personal. So, the attorney did not verify with his partner via phone. He sent the wire.
I have written on this topic before (see post HERE). These scams are very common. But this one provides an interesting twist. The fraudsters did a tremendous amount of due diligence, likely by way of a computer hack, and convinced the victim that his own partner was requesting the wire. Though by now, the careful attorney should know to verify all wire instructions, I suppose it is not totally unreasonable to take your partner’s e-mail as legitimate, particularly one that is so realistic. And, I don’t know what the spoofed e-mail looked like.
However, here is the problem. The request to wire $580,000 on behalf of this particular client should have raised red flags. It should have stopped the attorney, his assistant, paralegal and bookkeeper dead in their tracks. Why? According to the reporting on this case (ALM, Daily Business Review, July 5, 2018), the Law Firm’s own complaint states that the client had only $1,900 in trust with the firm. The remaining $561,000 was covered by other money held in trust by the firm for other clients. Clearly, no one in the firm bothered to check how much money they were holding on behalf of the client.
The fact that this law firm is trying to pass of responsibility for the wire on BOA is outrageous. That the firm was a victim of fraud, though sad, is irrelevant. They mishandled trust funds and should be referred to the State Bar Association for these actions.