Wire Fraud!

Monitor Daily

Wire fraud has a long and established history in American law. Based upon the even-older concept of mail fraud, wire fraud was added to the federal criminal code to cover any scheme to defraud using the interstate telephone or telegraph wires to further that fraud. Recently, wire fraud has taken on a new, sinister meaning. Today, criminals are creating false email accounts to mimic the email account of a legitimate party to a transaction and sending instructions from that false account to another legitimate party (perhaps a lender or a purchaser) to have its bank wire the exact amount involved in the legitimate transaction, but to the fraudster’s account. Two recent judicial decisions demonstrate the new risks arising from this modern-day version of wire fraud.

In Wintrust Specialty Finance v. Pinnacle Commercial Credit, Wintrust and Pinnacle entered into a program agreement pursuant to which Wintrust agreed to purchase, from time to time, equipment finance loans which Pinnacle had made to third-party users of the equipment. When Wintrust agreed to purchase a secured loan which Pinnacle had made to the buyer of a truck, it also agreed to remit its purchase price (for the loan) to the equipment vendor. This is a customary “pay proceeds” feature where a third-party lender or loan purchaser is instructed to pay the vendor, to be sure that an unpaid seller does not retain a lien on the equipment.

In this instance, the vendor emailed Pinnacle its “pay to” information, which Pinnacle forwarded to Wintrust. Unfortunately, a fraudster had hacked into the vendor’s email system and inserted a fictitious account as the wire transfer payee. Wintrust duly wired its loan purchase price to the fraudster’s account. Thirty-six days later, Pinnacle informed Wintrust that the vendor had never received the payment; by then, the fraudster had withdrawn the money and closed the fictitious account. To avoid a potential vendor lawsuit and lien on the equipment, Wintrust made a second payment, this time to the vendor’s actual account.

Wintrust then sued Pinnacle, arguing that Pinnacle’s actions in providing fictitious wire instructions, failing to pay for the equipment and failing to provide Wintrust with a first priority security interest in the truck constituted a breach of the defendant’s representations and warranties under the program agreement. Citing a different provision, the court held in favor of Wintrust, noting that the “key feature of the agreement is the indemnification clause, which requires [Pinnacle] to indemnify [Wintrust] ‘for any all expenses, injury and damage” which Wintrust may suffer “as a result of [Pinnacle’s] acts” and that Pinnacle “never indemnified [Wintrust] for its loss.” Besides alerting buyers, lenders and other payors of the importance of authenticating wire transfer instructions, this decision emphasizes the importance of including an indemnification clause rather than simply relying on a contractual obligation to repurchase the sold property because of the other party’s misrepresentations.

In Mile High v. Flying M Aviation, the parties had entered into a settlement agreement under which Mile High agreed to pay the other party (FMA) $50,000. FMA’s counsel (Gresham) emailed Mile High, directing it to wire that amount to FMA’s account at SouthPoint Bank, but for whatever reason, Mile High never received that email. Five hours later, the Mile High employee (Peacock) received an email, ostensibly from Gresham’s email account, directing that the settlement amount be wired to another bank. An imposter had “spoofed” Gresham’s account, by creating a second email account “that appeared identical to Gresham’s email account and sending [Mile High] wiring instructions to an account owned or controlled by the imposter.” Mile High thereupon wired the $50,000 to the fraudster’s account.

When Mile High refused to send the settlement amount again to the proper FMA account, FMA sued to enforce the agreement. The court relied upon the so-called “imposter rule:” that “the party who was in the best position to prevent the fraud by exercising reasonable care should bear the loss.” In holding for FMA, the court noted that FMA always had communicated with Mile High in a single email chain, i.e., one which contained all the back-and-forth emails between the two parties, but that Mile High’s employee had received a standalone email from the fraudster. Furthermore, Peacock “did nothing to verify the wiring instructions,” nor did the Mile High bookkeeper make any inquiry when Peacock forwarded the fraudster’s email.

The fraudster cleverly sent several emails to Gresham, ostensibly from Peacock, advising that payment of the $50,000 had been delayed and thanking Gresham for his patience. The court observed that “those emails were apparently sent by the fraudster as part of the scheme to delay detection of the fraud” and that “the imposter had somehow prevented [Mile High] from receiving the correct wiring instructions.” Although the court concluded that both Mile High and FMA had been defrauded, it ruled that Mile High “was in the best position to prevent the fraud by exercising reasonable care to verify the wiring instructions before executing the wire transfer” and hence ordered Mile High to send to FMA a second payment for the settlement amount.

The Equipment Leasing & Finance Foundation recently published its 40-page report, “Fraud in the Equipment Leasing and Finance Industry.” It surveys fraud experience by size of the company involved, discusses approaches to fraud management and summarizes various solutions in the marketplace: verifying the identity of counterparties; profiling email addresses to determine whether they previously have been associated with fraudulent activity; using a person’s activity to verify identity, rather than just relying on a photo on a scanned driver’s license; and evaluating whether the fraudster’s address (a continent far away from the fraudster’s U.S. location) or browser (Chrome and Safari are good examples, but Tor is “commonly used to surf the dark web”) raises suspicion.

A forthcoming essay in the Journal of Equipment Finance embellishes the ELFF report by spotlighting various “pain points” identified by industry participants. They include criminal enterprises which access publicly available information (such as certificates of incorporation or formation filed with the Secretary of State) to create fraudulent credentials and link them with a fake website. In a bow to equipment frauds from past decades, other pain points include a borrower and third parties falsifying documents in order to induce a lender to offer lease or loan financing, such as an equipment dealer marking up the equipment cost to enable the borrower to obtain more financing than an honest appraisal would have justified.

The consensus appears to be that, in addition to the techniques mentioned in the ELFF report, an industry coalition should be considered to share information and best practices for fraud detection and prevention. Meanwhile, transaction documents increasingly are including a warning that parties wiring funds must take precautions to avoid the kind of fraud that was encountered in Wintrust and Mile High. One high-end real estate broker now includes in its broker agreements language to the effect that “Prior to wiring any money, you must call the intended recipient at a telephone number previously known to you as a valid telephone number to confirm the instructions.” A major stock brokerage firm has gone further, refusing to accept funds transfer instructions via email — even a scanned copy of a signed letter — and requiring customers to provide instructions to the firm’s office fax number. More protective measures may be expected as creative fraudsters explore new versions of 21st century wire fraud. 

"Wire Fraud!" by Stephen T. Whelan was published in Monitor Daily in June 2024.