Homebuyers end up buying hackers a house
Posted on 03/09/2017 at 08:39 AM by John Lande
In what is becoming an all-to-familiar pattern, potential homebuyers in Kansas saw the money they intended to spend on their home end up in a hacker’s bank account. Bain v. Continental Title Holding Company began after homebuyers received an email from what they thought was their real estate broker that contained wire instructions. The homebuyers intended to wire $200,000 to the broker’s bank account, but ended up wiring the money to hackers.
Hackers intercepted an email to the homebuyers that was supposed to contain the correct wire instructions. The hackers altered the wire instructions in the email so the homebuyers had no idea they were sending money to the hacker’s account.
The homebuyers sued the bank that made the wire transfer. The bank asked the court to dismiss the lawsuit because the bank was not the source of the loss. The court explained that whether the bank was liable depended on:
[The bank’s] liability . . . turns on factual issues concerning whether [homebuyers] are “senders” . . . ; whether the email string forwarded by [homebuyers] to [the bank] constitutes a “payment order” . . . and, if so, whether that payment order was “unauthorized” (as alleged by [homebuyers] in their proposed complaint) or “erroneous” (as alleged by [the bank] in its submissions) . . . ; and whether and to what extent the parties agreed to any security procedures to protect against fraudulent payment orders.
Unfortunately for the bank, the court was not able to resolve these questions at a preliminary stage of the case. The court decided that it needs additional information from the bank and the homebuyers regarding the manner in which hackers were able to intercept the email to the homebuyers. For the bank that means additional time spent litigating.
This case presents a good example of the vexing problems facing homebuyers and sellers, and their financial institutions. While it may seem that there was little the bank could have done to prevent this transfer, scrutiny of the bank’s security procedures may reveal opportunities to mitigate this kind of fraud. For example, the bank or homebuyers could have independently called the target bank to verify the funds were going to the correct bank. Furthermore, the homebuyers could have called the broker to verify the wire information.
This case should remind financial institutions and account holders that there are risks associated with financial transactions conducted over the internet. All parties should think hard about whether they need to conduct sensitive financial transactions exclusively over the internet, even if all they are doing is obtaining wire transfer instructions via email.
The material in this blog is not intended, nor should it be construed or relied upon, as legal advice. Please consult with an attorney if specific legal information is needed.
- John Lande
Categories: Cybersecurity Law, John Lande, Real Estate & Land Use
Questions, Contact us today.
The material, whether written or oral (including videos) that is posted on the various blogs of Dickinson Bradshaw is not intended, nor should it be construed or relied upon, as legal advice. The opinions expressed in the various blog posting are those of the individual author, they may not reflect the opinions of the firm. Your use of the Dickinson Bradshaw blog postings does NOT create an attorney-client relationship between you and Dickinson, Bradshaw, Fowler & Hagen, P.C. or any of its attorneys. If specific legal information is needed, please retain and consult with an attorney of your own selection.