Nigerians Phish a B2B Transaction & Steal $736k. Who Bears the Loss?–Beau Townsend Ford v. Don Hinds Ford

September 27, 2017 · by · in E-Commerce, Licensing/Contracts, Privacy/Security

2011_Ford_Explorer_Limited_--_02-07-2011This case could be a law school exam. Beau Townsend Ford (the seller) was looking to unload Ford Explorers in bulk. Their sales guy connects with a person at Don Hinds Ford (the buyer). They had transacted with each other before. By email, they negotiate a sale of 20 Explorers for $736k. So far so good.

But then…the Nigerians had hacked sales guy’s email account and set up some automated rules. After the email deal was struck, all incoming emails from the buyer’s contact were filtered out of the sales guy’s email account and forwarded to the Nigerians. The Nigerians then responded to the buyer’s emails from a Gmail account that used the sales guy’s name. So when the buyer proposed paying by check, the fake Gmail account responded with wire transfer instructions. The instructions listed the destination accountholder as “K.B. KEY LOGISTICS L.L.C.,” but the buyer didn’t think that name was strange because car dealers often use DBAs. The wire transfers were sent (to the Nigerians), the buyer picked up the vehicles in stages, and the buyer emailed to confirm that the wire transfers were received, which the fake Gmail account confirmed. A week later, the seller reaches out to the buyer to find out where the money is, and everyone involved had a bad day.

The seller sued the buyer for non-payment of the 20 Ford Explorers. Who bears the risk of loss of the Nigerians’ theft?

The court says: “Both parties would each have the Court find that the other was in the best position to avoid the misfortune that occurred in this case.” The court responds: “both parties were negligent in their business practices” because the seller “should have maintained a more secure email system and taken quicker action upon learning that it might have been compromised,” and the buyer “should have ascertained that an actual agent of Beau Townsend Ford was requesting that it send money by wire transfer.”

As part of blaming the buyer, the seller pointed out that the Nigerians’ emails to the buyer had obvious spelling and grammatical mistakes. The court blithely responds: “the Court notes increases to to [sic] near ubiquity of errors due to voice recognition technology and auto-correct.” (Surprisingly, the court doesn’t blame millennials or texting for the death of grammar and spelling). Ironically (?), the opinion has a grammar error in a sentence acknowledging the ubiquity of grammar errors. Whoops…or clever? Cf. Billy Joel’s You’re Only Human.

Though the court isn’t sympathetic to either side, the court ultimately sides with the seller. The contract was valid, the buyer took delivery but didn’t pay the seller, so the seller deserves its money–all $736k. Oof.

So, what do you think about this outcome? What do you feel is more blame-worthy: not maintaining secure email accounts, or not noticing that emails are coming from strange accounts? Should the buyer have picked up the phone? Should the seller have confirmed payment before transferring possession? Perhaps we could try to point the fingers at other people, such as the email service providers or the bank? Would your feelings change if it’s ultimately an insurance company cutting the check? So who do you think should bear this risk of loss? I’d love to hear your thoughts.

Case citation: Beau Townsend Ford Lincoln Inc., D/B/A Beau Townsend Ford v. Don Hinds Ford, Inc. D/B/A Don Hinds Ford, 2017 WL 4237028 (S.D. Ohio Sept. 25, 2017)