Wolf in Seller’s Clothing: Fraudulent Wire Instructions Sent by Spoofing and the Ensuing Liabilities

Submitted by HKM Profession… on Fri, 01/22/2021 - 15:19

Wolf in Seller’s Clothing: Fraudulent Wire Instructions Sent by Spoofing and the Ensuing LiabilitiesBy: Jennifer Stierns1

A buyer enters into a big contract. The “seller” emails wire instructions to the buyer. The buyer wires funds to the “seller’s” account. The real seller never receives the funds. What happened? The parties fell victim to a hacker’s “spoofing” scheme—the hacker emailed the buyer pretending to be the seller and provided wire instructions directing payment to the hacker’s bank account. The sophistication of this scheme can vary, but in some cases the fraudulent email appears to have been sent from another person’s email account, displaying an identical email address and e-signature. 

With the increased usage and sophistication of spoofing schemes, legal disputes are on the rise to determine who should suffer the loss when a hacker successfully carries out this scheme.

Limited Recourse Against Banks

Claims against the sending and receiving bank are typically a dead end because of the preemptory effect of Article 4A of the Uniform Commercial Code (UCC), which governs wire transfers between banks and commercial entities. Deliberately drafted to balance risks and obligations between the bank and its customer, the Article limits the claim avenues against a bank in this circumstance. Usually, a bank will not be liable so long as the party who made the transfer was authorized to do so.  The spoofing scam is aimed at the person or entity instructing the bank and not the bank itself; therefore, the transfer is typically made by an authorized party, but sent to the wrong place.  

No Presumption of Liability Against Either the Buyer or Seller

With banks generally out of the picture, parties have looked to one another to recover their losses. Courts have grappled with how to allocate fault in these circumstances and have increasingly used UCC § 3-404 as a guide. This section governs negotiable instruments, but specifically addresses the scenario where an imposter induces a payor to issue a check by impersonating a proper payee of the instrument.  It states:

If a person paying the instrument or taking it for value . . .  fails to exercise ordinary care . . . and that failure substantially contributes to loss resulting from payment of the instrument, the person bearing the loss may recover from the person failing to exercise ordinary care to the extent the failure to exercise ordinary care contributed to the loss.

In other words, there is no presumption that either the buyer or seller is liable. Rather, the party that was in the best position to prevent the fraud, through the exercise of ordinary care, will suffer the loss of the fraudulent transaction. Courts have found this framework instructive for misdirected wire transfers. 

Court Decisions Inform Best Practices to Avoid the Spoofing Scam

There is no set standard to determine who was in the best position to prevent a loss. However, a review of recent court decisions is instructive on best practices to avoid falling victim to a spoofing scam:

  • Verify wire instructions by phone. In Jetcrete North America LP v. Austin Truck & Equipment, Ltd.,2 the court remarked that “[a] simple phone call to [Seller] would have revealed the fraud and avoided the loss,” and held the buyer liable.    
  • Verify the email address which sent the instructions. In Beau Townsend Ford Lincoln, Inc. v. Don Hinds Ford, Inc.,3 the hacker used a different email address that resembled but was not identical to the authentic email of the seller contact. The buyer did not notice because the name that showed up in Microsoft Outlook was the same. The Sixth Circuit reversed summary judgment in the buyer’s favor and remanded so a jury could determine liability.  Spotting a non-identical email address will stop the scheme in its tracks, although additional steps are necessary in cases where the hacker is able to identically spoof an address.   
  • Look for differences between the “new” and “old” wire instructions. In Arrow Truck Sales, Inc. v. Top Quality Truck & Equipment, Inc.,4 the court found that the buyer had failed to prevent the loss in part by failing to take action even though the wire instructions from the hacker were from a different bank, state, and had a different beneficiary. Beau Townsend similarly involved new wire instructions with a different bank, state, and beneficiary. 
  • Be wary of “new” or “updated” wire instructions. This scam frequently involves the hacker advising the victim of “new” instructions based on some pretext. For example, in Jetcrete, the hacker claimed that the “new” instructions were for larger transactions. In Arrow, the new instructions were supposedly needed due to “unsettled tax issues.”
  • Notify all parties to a transaction of potential fraud. In Bile v. RREMC, LLC,5 the court held that a plaintiff’s attorney was most responsible for preventing the loss when he failed to report to defense counsel that he had received a fraudulent email purporting to be from his client directing that funds be wired to an out-of-country bank account. The same hacker that emailed the plaintiff’s attorney later sent the same instructions to the defendants’ counsel who then sent the settlement funds to the hacker’s account.

Watch for Additional Red Flags

More generally, parties to wire transactions should watch for the same red flags that may be contained in other types of fraudulent emails. Typos, improper grammar, and strange and overly formal language can all be signs that the email attaching the wire instructions is not authentic, even if it appears to be from the individual who would be expected to send the instructions. As with most email schemes, a combination of diligence and common sense can go a long way to protect yourself against a hacker’s intrusions.


1 Jennifer Stierns is a law clerk at HKM and attends Mitchell Hamline School of Law (J.D. expected May 2022).
2 No. 2:18, CV-01999-APG-BNW, 2020 WL 5249613, --- F. Supp. 3d ---- (D. Nev. 2020).
3 759 Fed. Appx. 348 (6th Cir. 2018).
4 No. 8:14–cv–2052–T–30TGW, 2015 WL 4936272 (M.D. Fla. Aug. 8, 2015).
5 No. 3:15cv051, 2016 WL 4487864 (E.D. Va. Aug. 24, 2016).
Author(s)

The information contained in this website is for informational purposes only and does not constitute legal advice on any matter.

The transmission and receipt of information contained on this website, in whole or in part, or communication with HKM, P.A. or any of its employees via the Internet or e-mail through this website does not constitute or create an attorney/client relationship between us and any recipient. You should not send us any confidential information in response to this website as such information will not be held in confidence. Any communication to this website does not create an attorney/client relationship, and whatever you disclose to us will not be privileged or confidential unless we have agreed to act as your legal counsel in writing. The material on this website may provide information regarding developments in the law but is not legal advice. The content and interpretation of the law addressed on the website is subject to change. HKM, P.A. disclaims all liability in respect to actions taken or not taken based on any or all the contents of this website to the fullest extent permitted by law. Websites, such as this one, are considered attorney advertising, not legal advice. For legal advice, seek professional legal counsel.