California Fourth District Appellate Justice David Rubin
A state appeals panel has ruled a restaurant owner must pay a $475,000 lawsuit settlement despite having already been duped into sending the same amount to scammers posing as the plaintiffs' lawyers.
The California Fourth District Appellate Court issued a ruling on the matter May 27. Justice David Rubin wrote the opinion; Justices Truc Do and Jose Castillo concurred.
Rubin noted the “case presents an issue of first impression in California: ‘Which party bears the risk of loss when an imposter causes one party to a settlement to wire settlement proceeds to the imposter instead of the other settling party?’ ”
The underlying litigation is a personal injury lawsuit between Brian Thomas and Corbyn Restaurant Development Corp. Thomas’ allegations stemmed from an altercation with employees of Cowshed Bar & Grill. In that action, Thomas’ attorneys were from the firm of Chambers & Noronha, while the firm of Tyson & Mendes represented the restaurant group.
According to court records, the parties went through mediation to reach a settlement in the summer of 2023. In early September, Corbyn’s attorneys got an email requesting electronic transfer of settlement funds from what appeared to be a Chambers & Noronha office administrator, but was in fact a spoofed address, using slightly altered user and domain names paired with correct physical and website addresses and incorrect phone and fax numbers.
“On Oct. 10, 2023, the parties discovered they had been the victims of a cyber scam and that the settlement proceeds were wired to a fraudulent account,” Rubin wrote.
A month later, when Thomas still hadn’t been paid, he asked San Diego Superior Court Judge Robert Dahlquist to issue an order enforcing the settlement terms.
Thomas “noted that ‘California has no published authority on fraudulent wire transfers of settlement funds,’ but noted that federal courts have applied the ‘Imposter Rule’ found in the Uniform Commercial Code to shift the burden of loss to the party who had ‘more opportunity and was in the better position to discover the fraudulent behavior.’ ”
Dahlquist ultimately agreed with Thomas, prompting Corbyn’s appeal. Rubin said the panel agreed the issue hadn’t surfaced in California while also siding with Thomas’ position that the federal courts which have taken up similar questions “uniformly shifted the risk of loss caused by an imposter’s fraud to the party in the best position to prevent the fraud.”
Assessing which party is in such a position, Rubin continued, involves multiple “red flags” such as security protocols, prior breaches, disclosures, targeting and more. Even if neither party acted negligently, as Judge Dahlquist determined in this case, there can still be a legal ruling on which side was better positioned to prevent the fraud. The panel further determined Dahlquist’s ruling was substantially rooted in the available evidence.
Among the factors, Rubin noted, was that the initial spoofed email giving instructions for wiring the money conflicted with the terms of a written settlement agreement and release, including by omitting a reference to a client trust account and Thomas’ name. Further, attorneys for both sides had informally agreed the settlement payment would be in the form of a check. There also was the matter of the incorrect phone number for Chambers & Noronha on the spoofed email.
“Several of the courts that shifted the risk of loss to the payor did so because the payor failed to call the payee to confirm wire instructions unknowingly received from an imposter,” Rubin wrote. “Although defendants’ counsel took that preliminary step here, the fact the phone number was inoperable should have signaled counsel to exercise greater vigilance.”
The panel noted Tyson & Mendes could’ve compared the spoofed messages to known valid correspondence with Chambers & Noronha or checked an extrinsic source, such as the state bar website. Rubin also highlighted the fact a second spoofed email followed the first in a matter of minutes, “akin to typographical errors that courts have deemed significant in shifting the risk of loss.”
Like Judge Dahlquist, the panel rejected Corbyn’s arguments that Chambers & Noronha bore responsibility for allowing its email information to be spoofed. Rubin said evidence doesn’t support the assertion the scam — including knowledge of the settlement — was only possible because of a computer system breach. The panel also said evidence about information technology procedures at both law firms “is not as conclusive” as Corbyn asserted.
Furthermore, even if the record gave more credence to Corbyn’s arguments, Rubin said, that wouldn’t have required Judge Dahlquist to apportion any of the financial loss to Thomas.
“The imposter first contacted (Thomas’) counsel only after (Corbyn’s) counsel wired $475,000 to the wrong bank account,” Rubin wrote. “Moreover, defendants presented no evidence to the trial court showing that plaintiff’s counsel’s conduct contributed to the fraud’s success.”
Finally, the panel noted Dahlquist’s ruling didn’t alter the original settlement. He didn’t award prejudgment interest and rejected the argument that the restaurant functionally had to pay $950,000 to resolve Thomas’ allegations.
“The antidote to these innovative fraudulent schemes may involve sophisticated encryption and digital safeguards (e.g., multifactor authentication), or it may sometimes be as old-fashioned and simple as picking up the phone and calling opposing counsel at a verified phone number, or meeting face-to-face to confirm the identity of one’s counterpart and the validity of the transaction details,” Rubin wrote. “Either way, this case demonstrates that parties to modern, high-tech financial transactions must remain vigilant in ensuring they are dealing with their authentic peer. Failing to do so may be at their own financial peril.”
Thomas was represented in the appeal by O’Hagan Meyer. The panel said he is entitled to recover the legal expense associated with participating in the appeal.