- Emergency Consultation Services
- Risk Management Services
- Who We Are
- Our People
- What We Do
- Why We Are Different
- What’s New
- Where We Are
By: Marc Finkel
In 2019, the United States Treasury Department released statistics detailing the number of reported business email compromise incidents over a three- year period. The number of monthly incidents increased exponentially over those three years from approximately 500 reported incidents per month in 2016 to over 1,100 reported incidents per month in 2018. Additionally, the total value of such scams increased from approximately $110 million per month in 2016 to $310 million per month in 2018. Despite the efforts of law enforcement to curtail such scams, the Treasury Department statistics suggest that the problems associated with business email compromise incidents are worsening over time.
Businesses that routinely conduct large wire transfers in the ordinary course of business, such as law firms, are particularly vulnerable to such scams. Unfortunately, when a law firm falls victim to such a scam, the consequences can be financially devastating with little-to-no available recourse. Such a situation recently befell a Boston area law firm that was denied relief from the Massachusetts Appeals Court in a matter arising out of an email scam that cost the firm over $300,000.00.
In Sarrouf Law LLP v. First Republic Bank & another, a lawyer from the Plaintiff law firm was contacted through the firm’s email system from someone pretending to be the president of a large foreign construction manufacturing company. The scammer sought to hire the law firm to represent the manufacturing company in the sale of construction equipment to a purported Massachusetts based purchaser. The scammer went so far as to have a telephone conference with a lawyer from the Plaintiff law firm in order to discuss details concerning what was ultimately a phony business transaction and to execute a fee agreement as required by the Plaintiff.
Once “engaged” the Plaintiff was sent two checks that were purportedly from the equipment buyer’s insurance broker. The first check was in the amount of $3,000.00 which was meant to cover the Plaintiff’s fee. The second check was in the amount of $337,044.00 and was purportedly an initial deposit for the purchase of the construction equipment. Both checks were subsequently deposited in the Plaintiff’s lawyer trust account. The scammer thereafter provided the Plaintiff with specific wiring instructions as to the second check which the Plaintiff followed—even though the first check for $3,000.00 had been returned as non-payable.
The Plaintiff’s bank, Defendant First Republic Bank, conducted a multi-tiered procedure in order to verify the requested wire transfers. The Defendant ultimately approved the wire transfers and the recipients received the funds as directed. It was discovered after the wire transfers were completed that the second check for $337,044.00 was counterfeit and, as a result, the Plaintiff was charged back the amount of the second check. Accordingly, the Plaintiff’s lawyer trust account became overdrawn and required them to deposit over $300,000.00 of their own money in order to restore the account to its prior balance. Ultimately, the Plaintiff filed a two- count complaint in the Massachusetts Superior Court against the Defendant alleging, under California law (due to choice of law considerations), negligence and a violation of the California Uniform Commercial Code. The Superior Court granted summary judgment on behalf of the Defendant and dismissed both counts of the Plaintiff’s complaint.
On appeal, the Massachusetts Appeals Court affirmed the allowance of summary judgment. Specifically, the Appeals Court found that the Plaintiff could not bring a viable claim for negligence against the Defendant due to (1) the absence of a legal duty based upon the relationship between the parties; (2) the economic loss doctrine’s bar against the recovery of pure economic losses in claims sounding in tort; and (3) that the Plaintiff’s common law negligence claim is preempted by sections of the Uniform Commercial Code that apply to banks and transactions similarly at issue. Furthermore, the Appeals Court affirmed summary judgment as to the second count of Plaintiff’s complaint alleging a violation of the California Uniform Commercial Code because there was no evidence that the Defendant failed to exercise good faith or ordinary care in the performance of its obligations to follow the wire instructions as directed by the Plaintiff. Here, the Defendant had no legal obligation to inspect the check to determine whether it was potentially counterfeit.
The Sarrouf Law LLP matter serves as a truly sad and cautionary tale of which practicing lawyers should be aware. As the Appeals Court stated, “[a] party is in the best position to guard against the risk of a counterfeit check by knowing it’s ‘client,’ it’s client’s purported debtor and the recipient of [a] wire transfer.” When it comes to business email compromise incidents none of us are immune to such scams and vigilance on our part alone is the only form of true protection.
If you have questions or would like more information, please contact Marc Finkel at email@example.com.