Who Loses When Imposter Intercepts Wired Settlement Proceeds in California?
The recent California appellate decision in Thomas v. Corbyn Restaurant Development, Corp., presented an issue of first impression in California: Which party bears the risk of loss when an imposter causes one party to a settlement to wire settlement proceeds to the imposter instead of the other settling party?
After plaintiff and defendants settled a personal injury lawsuit for $475,000, an unknown third party purporting to be plaintiff’s counsel sent “spoofed” emails to defendants’ counsel providing fraudulent wire instructions for the settlement proceeds.
According to the Federal Bureau of Investigation (FBI),spoofing is when someone disguises an email address, sender name, phone number, or website address — often just by changing one letter, symbol, or number — to convince you that you are interacting with a trusted source.
Defendants’ counsel wired the settlement proceeds to the fraudulent account and the third party absconded with the funds.
Once the fraud was discovered, plaintiff asked for the settlement money, but defendants refused to pay.
Plaintiff then applied ex parte to enforce the settlement agreement.
Noting the lack of California authority discussing this topic, the trial court applied persuasive federal case law that uniformly shifts the risk of loss to the party in the best position to prevent the fraud.
After looking at the totality of the circumstances, the trial court found defendants were in the best position to prevent the fraud and that plaintiff bore no comparative fault.
The court granted plaintiff’s application to enforce the settlement and entered judgment in his favor for $475,000.
On appeal, defendants maintained the trial court chose the correct law to apply but applied it incorrectly by mischaracterizing the evidence that supported shifting the blame to defendants, and by failing to consider the evidence that supported shifting the blame to plaintiff.
Defendants asserted that by doing so, the trial court undertook an overly simplistic analysis that presumed the payor is in the best position to avoid fraud.
The appellate court agreed that the authority on which the trial court relied is persuasive but it disagreed that the trial court misapplied it.
The record showed that the trial court assessed each party’s role in preventing the fraud.
Substantial evidence supports the trial court’s findings that several red flags should have alerted defendants to the fraud, and that there were none that should have alerted plaintiff.
Accordingly, the appellate court affirmed the judgment.
Plaintiff Brian Thomas (Plaintiff) sued defendants Corbyn Restaurant Development Corp. dba Cowshed Bar & Grill, Nicole Nocentino, and Jaime Lee Masters (together, Defendants) for personal injuries Plaintiff allegedly sustained during an altercation with Nocentino and Masters, employees of the corporate defendant’s establishment.
The Law Offices of Chambers & Noronha represented Plaintiff. Daniel Fallon of Tyson & Mendes, LLP, represented Defendants.
After a mediation, the parties settled their dispute for $475,000.
Their understanding was memorialized in a formal Settlement Agreement and Release (Settlement Agreement) that included these key provisions: “3. In consideration of the promises, conditions and Release set forth herein, Defendants shall cause payment to be made to Plaintiff in the sum total of Four Hundred Seventy-Five Thousand Dollars and Zero Cents ($475,000.00) (the ‘Settlement Payment’). Issuance of the Settlement Payment is conditioned on receipt of this fully executed Release.
“4. Upon receipt of this fully executed Release the Settlement Payment shall become due and payable within thirty days. The Settlement Payment is to be issued to: ‘Chambers and Noronha Client Trust Account for the benefit (‘FBO’) Brian Thomas.’ ”
Plaintiff’s counsel sent the signed Settlement Agreement to Defendants’ counsel via email on August 28, 2023. The email came from the law firm’s office administrator, Janette Mattson, specifying: “Please make the check payable to our client and the Chambers & Noronha Client Trust Account.”
Mattson also requested a “possible ETA for the check.” Mattson’s email address was “jcmattson@cnlegalgroup.com.” Her email signature included her correct email address, the firm’s correct physical and website addresses, and the office phone number “(714) 558-1400.”
Defendants’ attorney, Fallon, replied the same day by email stating he would “advise once [he] ha[s] a better sense of timing on [the] settlement funding.” Fallon’s email address used the domain “@tysonmendes.com.”
About one week later, on September 6, an email purporting to be from Mattson to Fallon asked, “[C]an we have the settlement funds sent electronically into my firm’s IOLTA rather than sending a check?”
However, this email came from “jmattson@cnlegalrgroup.com.”
The “spoofed” address differed from Mattson’s authentic email address in two ways: it omitted the letter “c” from Mattson’s username and added the letter “r” between “cnlegal” and “group” in the domain.
The signature in the fake Mattson email showed Mattson’s correct email address and the firm’s correct physical and website addresses but incorrect phone and fax numbers, respectively, “(714) 554-1500” and “(714) 558-0895.”
An identical email was sent eight minutes after the original. Both emails used the recipients’ correct “@tysonmendes.com” domain.
That same day, September 6, Fallon replied to the spoofed Mattson email as follows: “I will look into your request so we can discuss. Possible the check has already gone out. Also, if we move towar[d] electronic transfer, I would like to discuss over the phone to ensure we are on the same page.”
The next morning, on September 7, someone using the fake Mattson email account responded, “If the check has already gone out please disregard the electronic transfer request.” This email was addressed to Fallon’s correct “@TysonMendes.com” domain and to additional recipients at the spoofed “@cnlegalrgroup.com” domain.
The next day, on September 8 (a Friday), Fallon replied via email: “We are able to transfer the settlement funds electronically. I tried to call the number listed below but get an indication it is inoperable. [¶] Please provide the wire transfer instructions and a number to call to discuss.”
Later that evening, a fraudster using the spoofed Mattson email account replied to Fallon as follows: “Sorry for the late response. We will send you the requested instructions accordingly, our firm policy states the finance department handles such information. Mark Anderson our head of finance also cc’d in this email will follow up with you on call [sic] and provide the wire instructions.”
Accounting personnel from Fallon’s firm called and spoke to Anderson at the phone number provided in the fraudulent email. Defense counsel then transferred the settlement proceeds to the account identified in the wire instructions contained in the email.
Over the next several weeks, the spoofed Fallon email account and Mattson’s authentic email account communicated several times regarding the status of the settlement check. Then communication from the fake Fallon email account stopped.
After several weeks of inactivity, Plaintiff’s counsel contacted Defendants’ counsel telephonically regarding the settlement payment. On October 10, 2023, the parties discovered they had been the victims of a cyber scam and that the settlement proceeds were wired to a fraudulent account.
About a month after the parties discovered the fraud, Plaintiff still had not received the settlement proceeds, so he applied ex parte for an order enforcing the Settlement Agreement. (See Code Civ. Proc., § 664.6, subd. (a))
His application recounted the facts summarized above and attached printouts of the relevant email messages. Plaintiff noted that “California has no published authority on fraudulent wire transfers of settlement funds,” but noted that federal courts have applied the “Imposter Rule” found in the Uniform Commercial Code (UCC) to shift the burden of loss to the party who had “more opportunity and was in the better position to discover the fraudulent behavior.”
Applying this standard, Plaintiff argued that several red flags put Defendants and their counsel “in a better position to discover the fraudulent behavior.”
Among those warnings were: (1) the Settlement Agreement specified that payment be made to “Chambers and Noronha Client Trust Account for the benefit (‘FBO’) Brian Thomas,”
but the fraudulent wire instructions identified a different payee (“Chambers & Noronha APC”), omitted Plaintiff’s name, and specified a bank in Los Angeles even though Plaintiff’s counsel are located only in Orange County;
(2) the parties had agreed by email that Defendants would deliver the settlement payment by check, but the imposter’s email requested payment by wire transfer;
(3) the signature in the spoofed emails to Defendants’ counsel listed a different phone number than was listed in the signature of prior authentic emails, in written correspondence, and in court filings;
(4) when defense counsel attempted to call the imposter, the phone number was inoperable and the imposter again changed the phone number in the spoofed email signature; and
(5) the imposter communicated via spoofed email accounts with Defendant’s counsel before the wire transfer, but the imposter did not begin communicating with Plaintiff’s counsel until after the wire transfer.
Like the trial court and the parties, the appellate court was unaware of any published California authority addressing who bears the risk of loss when a third party fraudulently induces the false delivery of money.
In determining which party was best positioned to prevent the fraud, courts have considered a variety of “red flags,” including: the extent to which each party secured its computer system or whether the system had been breached before; whether a party was aware that its transaction was being targeted, and, if so, whether that party disclosed the targeting to the other party in the transaction, or to the court; whether either party failed to scrutinize spoofed email addresses or overlooked typographical errors or duplicative information; and whether the payor called to confirm wire instructions, particularly when they conflicted with prior payment arrangements or new payment instructions changed material information like names and addresses.
The appellate court was persuaded by federal decisions that it should also anchor its analysis to the imposter rule when considering who should bear the risk of loss from a fraudulently induced wire transfer.
Accordingly, the appellate court held that the risk of loss from an imposter’s fraudulent diversion of a wire transfer shall be borne by the party in the best position to prevent the fraud.
In making this factual determination, trial courts must consider the extent to which each party exercised ordinary care with respect to preventing the fraud and may apportion the loss accordingly.
In doing so, courts must consider the totality of the circumstances, which may include the nonexhaustive list of factors described above.
Although a party’s negligence may contribute to a finding that that party was in the best position to prevent the fraud, a finding of negligence is neither necessary to, nor dispositive of, the ultimate question of which party was best positioned to prevent the fraud.
Indeed, courts — including the trial court here — have found one party was best positioned to prevent the fraud even when neither party acted negligently.
Viewing the evidence in the light most favorable to the judgment, the appellate court concluded substantial evidence supported the trial court’s factual findings that “defendants were in the best position to prevent the fraud.”
Contrary to Defendants’ assertion, there were red flags that should have alerted their counsel to the fraudulent scheme.
First, as the trial court observed, the imposter’s “wiring instructions conflicted with the payment procedure established by the parties’ written Settlement Agreement and Release.”
While the Settlement Agreement specified that the settlement payment “is to be issued to: ‘Chambers and Noronha Client Trust Account for the benefit (“FBO”) Brian Thomas,’ ” the wire instructions changed the payee to “Chambers & Noronha APC.” This change was material in at least two ways: it omitted the “client trust account” aspect of the payee and omitted Plaintiff’s correct name. Both changes reduced safeguards that benefited and protected both Plaintiff and his attorney
The wire instructions raised additional warnings that, while not in direct conflict with the Settlement Agreement, should still have given Defendants’ counsel reason to question the validity of the transfer instructions. For example, the imposter’s request to wire the settlement proceeds conflicted with counsels’ informal agreement that the settlement payment would be made by check.
Together, these anomalies surrounding the wire instructions supported the trial court’s finding that Defendants were better positioned to prevent the fraud
Second, substantial evidence supported the trial court’s finding that if a law firm’s primary phone number was “inoperable,” that was another warning sign to Defendants’ counsel.
Several of the courts that shifted the risk of loss to the payor did so because the payor failed to call the payee to confirm wire instructions unknowingly received from an imposter.
Although Defendants’ counsel took that preliminary step here, the fact the phone number was inoperable should have signaled counsel to exercise greater vigilance. That would have revealed that the phone number Defendants’ counsel got from the imposter’s first spoofed email message signature block differed from the number that appeared in the email signature of Plaintiff’s counsel’s authentic email messages and the caption on the firm’s pleadings filed in this case.
Indeed, Plaintiff’s counsel’s phone number has been the same since 1989.
Yet, rather than determine the correct phone number via a source extrinsic to the spoofed email thread (e.g., look at the state bar’s website), Defendants’ counsel relied on further information provided by the imposter’s suspicious communications — yet another phone number that differed from the one in counsel’s authentic email signature and on their court filings.
Further, despite these anomalies, Defendants’ counsel delegated the chore of confirming the accuracy of the wire instructions. Instead of following up himself, he delegated the follow-up call regarding the wire instructions to his firm’s accounting personnel.
Third, the imposter’s use of a spoofed email address for Mattson, which differed in both her name (it omitted the letter “c”) and the domain name (it added the letter “r”), was yet another red flag to Defendants’ counsel.
Several courts have shifted the risk of loss to the party that failed to scrutinize spoofed email addresses.
Fourth, the fact the imposter carelessly sent two identical requests for wire instructions within a matter of minutes is akin to typographical errors that courts have deemed significant in shifting the risk of loss.
These numerous red flags, backed by substantial evidence in the record, supported the trial court’s factual finding that Defendants were in the best position to prevent the fraud.
Innovation in commerce makes financial transactions more efficient and convenient. At the push of a button, money moves around the world almost instantly.
Criminals have likewise invented new ways to exploit these advancements — making the ability to remotely and rapidly transfer significant amounts of money now come with a risk that a criminal will exploit the convenience of remoteness by impersonating a party to the transaction and diverting the funds, often irretrievably.
As cases show, criminals do this in a variety of ways, including by hacking a party’s authentic email account or by using a spoofed email account that closely resembles a party’s authentic account.
The antidote to these innovative fraudulent schemes may involve sophisticated encryption and digital safeguards (e.g., multifactor authentication), or it may sometimes be as old-fashioned and simple as picking up the phone and calling opposing counsel at a verified phone number, or meeting face-to-face to confirm the identity of one’s counterpart and the validity of the transaction details.
Either way, this case demonstrates that parties to modern, high-tech financial transactions must remain vigilant in ensuring they are dealing with their authentic peer. Failing to do so may be at their own financial peril.
LESSONS:
1. Use of checks should always be considered as wiring funds can be problematic.
2. The “Imposter Rule” found in the Uniform Commercial Code (UCC) shifts the burden of loss to the party who had “more opportunity and was in the better position to discover the fraudulent behavior.”
3. In making this factual determination, trial courts must consider the extent to which each party exercised ordinary care with respect to preventing the fraud and may apportion the loss accordingly.