Email phishing scams and wire fraud have been on the rise in recent years and the construction industry is becoming an increasingly attractive target for fraudsters. Payments from owners and payments to subcontractors have both been targeted by hackers through impersonation, identity theft, and hacked emails, and checks have been stolen from the mail. It is important to stay vigilant and understand the risks of various payment methods.
Physical checks are the safest method of payment because checks may be cancelled, and if deposited into an unauthorized account, the bank will refund the money, provided that the wrongful deposit is identified in a timely manner. See Unif. Com. Code § 4-406.
A wire transfer, however, is instantaneous. The speed and ease of a wire transfer makes it a susceptible target for fraud. A bank is not responsible for a customer-initiated wire transfer. Unless the fraud is noticed immediately-- or is egregious enough to get the FBI involved-- a hacker can abscond overseas with the money without recourse.
Cases of fraud between two innocent parties often results in long and costly litigation to determine whether the payor or payee was in the best position to prevent the fraud. Courts have gone both ways, with juries being asked who is more at fault: for example, should a General Contractor have noticed its own email was hacked, or should the Owner have questioned the suspicious change in payment instructions? Beau Townsend Ford Lincoln, Inc. v. Don Hinds Ford, Inc., 759 Fed. Appx. 348, 354 (6th Cir. 2018); Parmer v. United Bank, Inc., No. 20-0013, 2020 WL 7232025, at *6 (W. Va. Dec. 7, 2020); Arrow Truck Sales, Inc. v. Top Quality Truck & Equipment, No. 8:14-cv-2052-T-30TGW, 2015 WL 4936272, at *4−6 (M.D. Fla. Aug. 18, 2015).
Best Practices to Protect Your Payment:
- Most insurers offer cyber-security endorsements to protect against some types of cyber-crime. However, these policies often contain exclusions to certain categories of wire fraud (for example, a hacked email may be treated differently than an impersonated email) or be prohibitively expensive.
- Confirm the amount and account details on the phone before sending funds to a new account to ensure that a compromised email does not facilitate fraud.
- When requesting payment through a payment application or in the initial contract, include clear payment instructions and specify that the payment instructions are not to be changed without BOTH verbal AND written authorization.
- Ensure all employee’s computers and email accounts have an updated anti-virus and firewall installed.
- Train employees to spot suspicious phishing emails and report any concerns immediately.
Fraudsters have gotten very good at what they do, so if you or someone else on your project has fallen victim to a fraudulent payment scheme, reach out to the lawyers at HLPW as quickly as the fraud is detected to have the best chance at avoiding a loss.