A court has ruled Bank of America does not need to pay back $580,000 to a law firm that fell victim to wire fraud. The ruling highlights how crucial it is for law firms to have proper wire fraud prevention procedures in place as they are ultimately responsible for money moving in and out of their accounts. Once a transaction has been made, even a fraudulent one, there is little anyone can do to stop it.
The ruling came after law firm O’Neil, Bragg, & Staffin, P.C. alleged Bank of America should be held responsible for damages after it failed to stop a wire transfer the firm made to an account in China. This was despite the firm asking the bank to reverse the transfer soon after it was made.
A federal judge dismissed the lawsuit because the bank had not breached any agreement, violated federal regulations, or breached the Pennsylvania Commercial code by sending the money, reports the Pittsburg Post-Gazette.
How Was the Wire Fraud Attempt Carried Out?
An employee made the transfer after receiving payment instructions in an email claiming to be from Gary Bragg, one of the partners at the firm. The email was convincing due to its use of intimate knowledge of the firm’s business.
The original court filing contains details of the attack.
Firstly, the hacker gained access to Bragg’s Microsoft Exchange Email account. From here, they were able to send emails that appeared to come from Bragg’s address to an employee of the firm.
The hacker obtained the details that made the email convincing from information found in the email account. These included the partner’s signature line and knowledge of financial transactions the law firm had made. The email even called the member of staff by his nickname.
The hacker sent details of the bank account they wanted the money to be sent to and specified which of the law firm’s accounts the money should be sent from. A sense of urgency was created by request to make the transfer first thing in the morning.
The email exchange was made more plausible — and harder for the victims to discover — because Bragg was traveling in Seattle at the time. It is not known if the hacker knew this was the case, but it seems likely.
This all meant the employee did not feel the need to question the authenticity of the request. It was only after he spoke to Bragg about the transfer that the company realized it had fallen victim to wire fraud.
Once an Attack is Carried Out, There is Little You Can Do
The law firm’s actions following the attack show how little can be done once the money has been sent.
As soon as the employee realized what had happened, they notified Bank of America and asked it to stop the transfer. However, the bank said it was too late to do anything as the transfer had already been made.
Instead, it suggested contacting the receiving bank.
Unfortunately, the law firm didn’t have much success with this either. After emailing the Bank of China in Hong Kong, they received a message that stated it couldn’t do anything until after a court order had been obtained.
The Bank of China later revealed how it deals with wire transfers. It said it processes money based on instructions from the remitting bank. However, it added that the sending bank can cancel the instructions if the transfer has not yet been processed.
This led the firm to believe Bank of America could have done more to stop the attack.
However, despite the statement from the Bank of China, the court ruled that Bank of America had done nothing wrong. It said the request to cancel the transfer was made too late.
Despite its attempts to reverse the transfer, the firm has so far only recouped around $58,000 of the total money lost.
What Can You Do to Protect Yourself?
This case shows that when it comes to wire transfers, law firms have to be responsible for money traveling in and out of their accounts.
Once the transfer request is made, there is very little anyone can do to stop the request going through. Even if there is a decision to freeze the funds or reverse the transfer, if it isn’t done instantly, the hacker will often have moved the money elsewhere.
Things become even more complicated when money gets wired abroad. O’Neil, Bragg, and Staffin ended up having to go to court in Hong Kong. However, this was both time-consuming and expensive — they allege that, in total, it cost them $20,000.
Defending yourself from cases of fraud in the first place is the best way to avoid getting in trouble.
Ensuring you have robust network security is the first step. Meanwhile securing all your accounts with strong and unique passwords and two-factor authentication can stop hackers getting access to the type of details needed to run a scam.
When it comes to wiring money, a product like CertififID will help protect you. CertifID authenticates all parties in a transaction and guarantees funds up to $1 million. Check out our free trial if you want to learn more.