Recent Case Win

Author: Russell Nevell

Longton Legal succeeds in holding a big four bank liable for payments made as a result of a sophisticated email scam.

Longton Legal’s banking and finance department recently succeeded in recovering the entirety of $275,000 in payments made by a customer to an unknown third-party bank account as a result of a business email compromise scam (BECS).

What is a BECS?

A business email compromise scam involves scammers hacking into a company’s email account to intercept and redirect a legitimate payment email or create a new falsified payment email.

Attackers will usually intercept and tamper with an existing payment request email or invoice or initiate a new payment request to a trusted colleague/supplier based on previous legitimate email correspondence.

Since these emails come from a legitimate email account and closely mimic regular correspondence, they are nearly impossible for email providers to detect and are highly successful against their victims.

This scam

In early 2023, John* and his wife, after saving for many years, commenced the process of purchasing their first home.  During that process they engaged a reputable law firm that had been operating for over 15 years.

Upon finally deciding on their first home, John instructed his solicitor to perform the relevant conveyancing work. Several weeks later, John received an email from his solicitor asking that he pay the first lot of the deposit and invoice fees, totaling approximately $275,000.  In two quick payments, John made the transfers as directed.  The emails were identical to what he had seen before, and he had no reason not to believe the contents.

After several days it became apparent that the money did not go to the solicitor and that a scammer had intercepted the solicitor’s email and changed the trust account details.

After realising that he had been scammed, John immediately contacted his Bank who undertook an investigation.  Unfortunately, the outcome of that investigation resulted in less than $500.00 being recovered.

The consequences of this were significant. In addition to the loss of the money and the trauma that came with it, John had to obtain extra last-minute finance, pay late fees, and exceed his mortgagee’s loan-to-value ratio (LVR) requirements, resulting in lenders mortgage insurance (LMI) being incurred.

Australian Financial Complaints Authority

After John’s dissatisfaction with the Bank’s investigation, he lodged a complaint with the Australian Financial Complaints Authority (AFCA) and sought Longton Legal’s assistance with the complaint.

During the course of the complaint process, it was clear that the Bank was refusing to accept liability for the scam payments. It relied on the principle that banks do not owe their customers a duty to monitor accounts for scams, and that there are no contractual obligations between banks and their customers to protect customers from scams or monitor their accounts.

Additionally, the Bank sought to rely on the fact that the scam transactions occurred before the Australian banking industry committed to safeguarding Australians from scam activity and entered into the Scam-Safe Accord.

While the law in Australia on this point is not quite settled, we have seen this issue examined in the UK in Philipp v Barclays Bank UK PLC [2023] UKSC 25, where the court considered the Bank’s duty where the customer had been tricked into making a payment. The court found that unless the Bank was “put on inquiry” because it had reasonable grounds to believe there was a possibility of misappropriation, it was contractually obliged to follow its customer’s instructions. The court commented there was no tortious duty of care over and above the responsibilities described in the contract.

Unfortunately, in the first instance, AFCA agreed with the Bank’s position and suggested that only nominal damages ought to be paid.

Despite the above, it became apparent that the Bank had, prior to the time the scam transactions occurred, issued a media release saying that it was introducing a new system that would add further security protection and would notify customers if there were account name mismatches or if a Bank’s customer had not previously paid money into an account.

Upon delving further into the new security system, it became apparent that, while it had been rolled out at the time of the scam transactions, and was applicable to the scam transactions, it was malfunctioning due to a small and isolated technology issue.

It also became clear that this technology issue was not reported in any subsequent media release from the Bank or at all.

It was Longton Legal’s position that if the security system had been operational, it would have notified John and alerted him to possible concerns about the account he was paying into, specifically that no customer of the Bank had ever paid into this account, which was wholly illogical given the solicitor had been operating for many years. It followed that, if the alert had been given, John would have stopped not only the first scam transaction but also the subsequent one.

After highlighting this to the Bank, the Bank tried to settle it on the basis that it would only be liable for the first scam transaction as the second transaction would not have, in any event, been caught by the new security system. This position was completely abandoned after Longton Legal set out the clear flaws with this and highlighted the disingenuous attitude taken by the Bank in not notifying its customers of the technology outage that affected the new security system.

What this means

While this scenario was settled and not published, it provides a clear indication that the big banks’ duty and liability are changing.

While technology is certainly helping the world in progressing at an alarming rate, it is both a shield and sword when it comes to big banks and companies making general sweeping statements about their new systems and how they intend to deal with issues such as fraud.

If you have been the victim of a BECS or similar scam, we encourage you to reach out to Russell Nevell, head of our banking and finance team, to discuss your options in recovering your losses.

*Due to non-disclosure obligations, names and minor details have been changed, and the subject bank has not been identified.

Disclaimer: This is intended as general information only and not to be construed as legal advice. The above information is subject to change. You should seek independent legal advice before embarking upon any course of action.
