US Law Firm Sued Over Fraudulent Wire Transfer

American international law firm Holland & Knight is facing a lawsuit over a fraudulent wire transfer that saw criminals make off with more than $3m. 

According to the suit, the law firm was hired by two foundations to sell some stock and carry out a merger plan related to the sale. However, a fraudster was able to steal the proceeds from the sale after intercepting emails from the firm and impersonating the stock seller. 

Posing as the seller in an email, the fraudster asked Holland & Knight to wire $3.1m from the stock buyer to a fraudulent account identified as Wemakos Furniture Co. Limited.

The firm sent an email to the new account to verify it, but this email too was intercepted by the cyber-criminal. New documents for the slightly differently named HongKong Wemakos Furniture Trading Co. Limited were sent by the fraudster to Holland & Knight, and the transfer was completed.

The lawsuit was brought by the two foundations selling the stock, Sorenson Impact Foundation and the James Lee Sorenson Family Foundation. The former invests in startups created to help underserved communities while the latter is a nonprofit trust based in Utah. 

According to the plaintiffs, Holland & Knight should have done more to prevent the cybercrime from occurring. They have accused the firm and the transfer agent, a second defendant, of being in breach of contract and of failing in their fiduciary duty. 

The suit says the agent and the firm should have known from the inconsistencies between the documents they received that the fraudster's account was illegitimate. The plaintiffs also said that the defendants should have picked up the phone and called the stock sellers to verify the authenticity of the emails. 

The American Lawyer reports that since being filed in June in Utah state court, the lawsuit was removed to federal court on July 21.  

Holland & Knight provided this statement to the ABA Journal: “Holland & Knight’s information technology system was not compromised in any way. The plaintiff was not a client, and the firm acted on wiring instructions received from the plaintiff’s email system by providing the instructions to the paying agent.”

What’s Hot on Infosecurity Magazine?