Clark Hill Successfully Represents Steel Building Manufacturer in Business Email Compromise Case

Clark Hill Cybersecurity attorneys Chirag H. Patel and Myriah V. Jaworski successfully represented Studco Building Systems US LLC in a business email compromise loss matter. Patel was the lead trial attorney in the case.

The result follows a first-of-its-kind trial in which the client sought compensation from the financial institution that played a role in the loss as opposed to the electronic fraudsters.

U.S. District Judge Raymond A. Jackson awarded the client $558,000 in compensatory damages.

“From our research, there were no cases like this that made it past the motion to dismiss stage, and most of the cases ruled in favor of the financial institutions by saying they don’t have an obligation unless they affirmatively know of the fraud that’s happening in the account,” Patel said. “Our argument was that our facts were drastically different from those cases.”

The case stemmed from a series of events following an email the client received that appeared to be from one of its vendors, but in reality was from the fraudsters, who had previously gained access to the client’s email systems through a phishing attack.

The email provided new instructions for the client to pay the vendor through a credit union in Virginia. The scammers had hired an assistant whose job it was to set up a personal account at that credit union, and the client unknowingly began making payments to the assistant’s account when they believed the money was going to their vendor.

“The client hadn’t discovered the compromise at the point when the vendor started asking where their payments were,” Patel said. “The hacker began intercepting those emails, deleting them, and sending different ones. There was no way to detect the hack until months later.”

The client wound up sending $558,000 to the fraudulent account at the Virginia credit union.

During trial, Patel pointed out that the assistant had two accounts with the credit union previously, and those accounts rarely ever had more than $500 in them. When six-figure transfers began arriving, Patel argued that the credit union should’ve flagged the transactions through its alert system. There were numerous other factors that should have alerted the credit union of the fraud, including the mismatch between the incoming payment and the account holder, the high account turnover, and the cashiers check and wire transfer withdrawals.