An email scam cautionary tale
By Nancy Rubin, K.C. and Levi Parsche
What happens if a person accidentally makes payment to a hacker, instead of to the person they actually owe money? Should they have to pay again? In the recent decision, Jane Group Limited v. Heritage Gas Limited, 2022 NSSM 36, a small claims court adjudicator said yes.
EFT Payment Scam
In the case, two companies had agreed to split the costs to repair a sidewalk after a natural gas line was installed. Shortly after the repairs were completed, Jane Group emailed Heritage Gas seeking payment of its share. Heritage Gas responded, requesting an invoice for the repairs, and indicated it could pay by electronic funds transfer (“EFT”) or via cheque. So far, so good.
Then, Heritage Gas received what it assumed was a response from Jane Group, providing banking information and instructions to send payment via EFT. Unfortunately, this email was actually from an online hacker who had intercepted previous communications. The hacker, representing themselves as the Jane Group president, provided information for a fraudulent bank account, and asked for the money to be deposited that same day.
Heritage Gas emailed Jane Group again indicating it needed an invoice before it could make a payment. In response, (and from a different email address) Jane Group provided an invoice, which indicated payment should be made by cheque to a mailing address.
Unfortunately, upon receipt of the invoice, Heritage Gas followed the earlier EFT instructions that had been sent, depositing the payment into the fraudulent bank account provided by the hacker.
Decision
Having not received payment, Jane Group sued for recovery from Heritage Gas. Counsel for Jane Group argued that there were several “red flags” in the email from the hacker (spacing and typographical errors) which should have triggered a follow-up by Heritage Gas, not to mention the discrepancy in the direction to pay via EFT or cheque.
On the other hand, counsel for Heritage Gas argued that the loss of money was due to Jane Group’s “carelessness” and lack of cybersecurity.
In the end, Adjudicator Darling found that both parties were innocent victims of the hacker and ruled that as neither party had exhibited blameworthy conduct, the case must be decided in favour of the Claimant, Jane Group.
Key Takeaway
As we move towards an increasingly digital world, this case serves as a reminder to keep an eye out for fraudulent activity. Take extra steps to make sure your electronic funds transfers are secure. Watch out for email red flags (typos, suspicious links, misspellings, a sense of urgency) and confirm payment details via an additional method – otherwise you might end up on the hook and have to pay twice!
This update is intended for general information only. If you have questions about the above, please contact the authors.
Click here to subscribe to Stewart McKelvey Thought Leadership.
Archive
On March 29, 2016, the Province of New Brunswick tabled proposed changes to the Industrial Relations Act and the Public Services Labour Relations Act. If passed, these changes would dramatically alter well-established principles of private sector collective bargaining.…
Read MoreBy Jennifer Taylor Why is this case a big deal? It started with two salmon. Now, after several years of litigation, the Nova Scotia Provincial Court in R v Martin, 2016 NSPC 14 has stayed proceedings against…
Read MoreTHE EDITORS’ CORNER Michelle Black and Sean Kelly One day, the line between mental and physical disabilities may not be so pronounced, but, for now, distinctions are still drawn between Employee A with, for example, diabetes and…
Read MoreBy Lisa Gallivan Employees can be your biggest asset, if you hire the right people. This can often be one of the biggest decisions that you make as a business owner or employer. The “right” employee…
Read MoreBy Burtley Francis and Kathleen Leighton Order Up: Apple, P.I. Recently, the public safety versus personal privacy debate has been brought to main headlines. Apple is facing a court order (available here) requiring the company to assist the FBI in the investigation of…
Read MoreIn preparing for the 2016 proxy season, you should be aware of some regulatory changes and institutional investor guidance that may impact disclosure to and interactions with your shareholders. This update highlights what is new…
Read MoreBy Burtley Francis and Michael MacIsaac You remember Left Shark… The Super Bowl is a lot of things to a lot of people and is arguably the most anticipated event of the year that is not a holiday…
Read MoreBy Jennifer Taylor Summary The Canada Industrial Relations Board recently held that it had no jurisdiction as a federal board to certify a bargaining unit comprised of fisheries employees of the Waycobah First Nation. The decision…
Read MoreBy Peter McLellan, QC In the 1970s the issue for employers was long hair and sideburns. In the 1980’s it was earrings for men. Today the employer’s concerns are with tattoos and facial piercings. What are…
Read MoreBy Jennifer Taylor Introduction It sounds simple: Two disputing parties, hoping to resolve their disagreement without drawn-out court proceedings, will mutually agree to a settlement on clear terms; release each other from all claims; and move…
Read More