There was Optus and Medibank and HWL Ebsworth who have unfortunately experienced significant data breaches with serious ramifications for their customers and clients. Everyone uses email and there are increasing numbers of email scams and some which seem legitimate….until you click on the link to the attachment. Businesses are now ensuring that appropriate mechanisms are in place as well as having training sessions conducted for staff to alert them to the issues to keep in mind, particularly when receiving requests for the transfer of money or arranging for the transfer of funds to customers or clients.

The ramifications of accepting the veracity of an email with directions for payment was highlighted in a recent case handed down last week following an urgent application – CCSG Legal Pty Ltd & Anor v Commonwealth Bank of Australia & Ors [2023] NSWSC 1276 specifically dealt with a fraudulent request for funds to be paid into a different bank account.

The facts were simple:

1. CCSG Legal were engaged to undertake work on behalf of a Trustee in bankruptcy at Hall Chadwick in respect of a bankrupt estate.
2. Upon completion of the legal work, CCSG Legal sent an email to Hall Chadwick which attached its invoice in the sum of $145,282.20 – the invoice specified payment to be made to its bank account with its BSB and account number.
3. Hall Chadwick obtained payment of the sum of $145,282.20 from the Trustee in bankruptcy. However, before this amount was transferred to CCSG Legal, an email was sent to Hall Chadwick, purportedly from CCSG Legal, which stated that the bank details for payment had changed and fresh bank account details were provided. Hall Chadwick arranged for payment of the sum of $145,282.20 to the bank account provided in the email.
4. Unfortunately, the email had not been sent by CCSG Legal to Hall Chadwick. The email was a fraudulent impersonation with details of a fraudulent bank account – following the payment of the funds into the first bank account in the name of the second defendant, the sum of $101,000.00 was transferred to a separate fraudulent account in the name of the third defendant. Both accounts were held with the Commonwealth Bank.
5. Upon becoming aware of the fraudulent interference, an urgent application was made (after hours) to have the funds in both fraudulent accounts frozen with a total of $124,250.51 held in both accounts.
6. CCSG Legal sought orders compelling the second and third defendants to return the sum of $145,282.20 and for the Commonwealth Bank to release the sum of $124,250.51, being the frozen monies, to the Trustee in bankruptcy.
7. The plaintiffs relied upon the cause of action of monies had and received which enables a restitutionary claim to be made against the defendant for him to repay the monies which he has stolen. In Shaw Building Group Pty Ltd v Narayan (No 2) [2015] FCA 585, Foster J said the following:
   

   “Money that has been stolen may be recovered from the thief in an action for money had and received. The claim against the thief is an independent restitutionary claim based upon unjust enrichment by subtraction because the defendant’s receipt of an obviously unjust enrichment has resulted from the defendant’s deception of the plaintiff or commission of a wrong against the plaintiff.”

8. Therefore, a victim of theft may also sue for money had and received as the thief has failed to give valuable and adequate consideration. The successful action for money had and received requires the defendant to repay the money received by him; in other words, the amount “subtracted” from the plaintiff.
9. The Court was satisfied that the Trustee in bankruptcy was entitled to an order for the return of the monies paid by him to the fraudulent accounts (which included the amounts held by the Commonwealth Bank in the frozen bank accounts).
10. The Court noted that the Commonwealth Bank had done no wrong and was only a party to facilitate an order for the frozen monies in the two fraudulent accounts to be paid to the Trustee in bankruptcy, being the party whose money had been stolen.
11. Accordingly, the Court granted judgment against the second and third defendants for the full amount of the $145,282.20 plus interest and costs together with an order that the Commonwealth Bank release the funds held in the frozen bank accounts (save for a small amount of $124.76 which was the remaining balance in the initial fraudulent account but did not form part of the original payment despite an argument that this amount should be set off in favour of the Trustee in bankruptcy).

To protect your business, you need to ensure that your employees are always alert and vigilant when arranging for payment of funds and most will already adopt these simply steps:

• Always check the email address – there may be one letter that is different so by glancing at it, it seems like the true recipient’s email.
• Always confirm bank details by a phone call directly with the party to whom you are making the payment.
• Always use the phone number from a reliable source such as the one on your client file or on the company’s website and not simply the phone number provided in the email.
• Always ensure that the bank details provided by email match those confirmed by a phone call.

If you require assistance in this area, Catherine Pulverman and the team at FCW Lawyers would be happy to provide any necessary advice on these issues if they arise and implement any necessary steps which may need to be taken to protect your business.