Public Service Announcement: Double-Check Email Addresses and Telephone Numbers When Sending or Receiving Sensitive Information!

By Michael Mandel  |  June 4, 2025

If you’re reading this, then settlements are obviously near and dear to your heart. But in a first-of-its-kind decision, a recent Court of Appeal decision highlighted a modern-day issue with settlements: what happens when an imposter causes one party to a settlement to send settlement proceeds to the imposter instead of the other settling party?

FACTUAL BACKGROUND

In Thomas v. Corbyn Restaurant Development Corp et al. (4th DCA, Case No. D083655, May 27, 2025), the parties had reached a settlement of a personal injury lawsuit for $475,000. The plaintiff’s counsel asked for payment to be made by check to the firms’ client trust account.

Thereafter, an unknown third party sent an email to defendants' counsel from an email address that, at quick glance, appeared to be plaintiff’s counsel’s email address. But the email address had slight, but significant, differences – it omitted one letter from the sender’s username and added one letter to the domain name. In this “spoofed” email, the ersatz plaintiff’s attorney asked for the settlement funds now to be electronically transferred.

The next day, the defendants’ counsel responded to the spoofed email that they would be able to accommodate the request and transfer the settlement funds electronically. The defendants’ counsel attempted to call the plaintiff’s counsel at the telephone number in the spoofed email – but the email listed a phone number that was disconnected. Defendants’ counsel responded to the spoofed email asking for the wire transfer instructions and a number to call to discuss.

The spoofer subsequently responded to defendants’ counsel’s email, this time copying someone they identified as the plaintiff’s counsel’s firm’s head of finance. The “head of finance” then replied by email to defendants’ counsel and provided wire instructions and a telephone number to call him at. The wire instructions identified an account name at CitiBank that included the plaintiff’s counsel’s firm name. Accounting personnel from defendants’ counsel’s firm called and spoke to the “head of finance” at the phone number provided in the fraudulent email. Apparently satisfied that this was on the up and up, Defendants’ counsel then transferred the settlement proceeds using the wire instructions in the spoofed email. A month later, after additional spoofed emails that were intended to buy time and throw the parties off the trail, the parties finally realized they had been the victims of a cyber scam.

THE TRIAL COURT'S RULING

Thereafter, the plaintiff, having not received the settlement proceeds, went back to court to seek to enforce the settlement agreement and have the defendants make (another) payment of $475,000. Noting that there were no reported California decisions addressing this issue, the trial court applied federal case law that shifts the risk of loss to the party in the best position to prevent the fraud. The court found that, in this case, the defendants were in the best position to prevent the fraud and therefore granted the plaintiff's application to enforce the settlement, entering judgment in favor of the plaintiff for $475,000. The defendants appealed.

THE COURT OF APPEAL'S DECISION

The Court of Appeal agreed with the trial court. Like the trial court, in the absence of any California authority, the court relied upon federal decisions that anchor analysis to the “imposter rule” in the Uniform Commercial Code section 3-404(d), which California has adopted. The imposer rule provides that a “person bearing the loss may recover from the person failing to exercise ordinary care to the extent the failure to exercise ordinary care contributed to the loss.” The court ultimately held that the risk of loss shall be borne by the party in the best position to prevent the fraud, in this case, the defendant. The court advised that trial courts must consider the totality of the circumstances and the extent to which each party exercised ordinary care and the trial courts may apportion the loss accordingly.

The Court of Appeal ultimately found that substantial evidence supported the trial court’s decision and affirmed it. It noted that there were numerous red flags that should have alerted defendants’ counsel to the fraud. These included that the wire instructions conflicted with the settlement agreement, the phone number in the email differed from the phone number in other emails from the “real” plaintiff’s counsel and was disconnected, defendants' counsel failed to notice incorrect email addresses, and the imposter sent duplicate requests for wire instructions. In short, the Court concluded that, looking at the totality of the circumstances of the case, the defendants were in the better position to prevent the fraud and that there was no comparative fault on the part of plaintiff.

CONCLUSION

I am sure this is not an isolated incident. I have heard anecdotes from several attorneys about similar situations. This case thus presents a cautionary tale, whether you represent plaintiffs or defendants. Now is the right time for you to review your own cybersecurity policies and practices and make sure that you and your client do not become the next victim of this cyber crime.

As the Court of Appeal explained, “The antidote to these innovative fraudulent schemes may involve sophisticated encryption and digital safeguards (e.g., multifactor authentication), or it may sometimes be as old-fashioned and simple as picking up the phone and calling opposing counsel at a verified phone number, or meeting face-to-face to confirm the identity of one’s counterpart and the validity of the transaction details. Either way, this case demonstrates that parties to modern, high-tech financial transactions must remain vigilant in ensuring they are dealing with their authentic peer. Failing to do so may be at their own financial peril.”