- Legal Malpractice Policy Covered Law Firm After Falling Victim to “Phishing Scheme”
- May 31, 2013 | Authors: Terrence P. McAvoy; Katherine G. Schnake
- Law Firm: Hinshaw & Culbertson LLP - Chicago Office
Stark & Knoll Co., L.P.A. v. ProAssurance Cas. Co., 2013 WL 1411229 (N.D. Ohio 2013)
Plaintiff law firm fell victim to a “phishing scheme” and had to cover a $197,921 wire with its general operating account monies. The law firm then filed a claim with defendant insurer, seeking coverage for the loss under its legal malpractice insurance policy. The insurer denied the claim and the law firm filed a declaratory judgment action. The insurer moved to dismiss, arguing that the plain language in the policy demonstrated that the “phishing scam” to which the law firm fell prey was not a covered loss. The court held that the subject attorney, who was employed by the law firm, had engaged in “professional services” and that the law firm was covered by the policy.
An attorney with the law firm (Attorney) received an email purportedly from an attorney located in Idaho inquiring as to whether he would accept a collection matter on behalf of a client located in Germany. The Attorney indicated that he would accept the referral, subject to a conflict of interest check, and was advised to contact the German client directly. The Attorney then received an email from a “Mathis Traugott” of ZeligSteel AG in Germany. Traugott advised the Attorney of the nature of the collection action. The matter cleared conflicts and an engagement letter was signed.
Thereafter, the Attorney received a copy of a sales agreement purportedly between ZeligSteel AG and Rable Machine. Traugott advised the Attorney that Rable would be forwarding a partial payment on the account. The Attorney then received an envelope containing an “Official Check of Citibank, N.A.” in the amount of $295,960, payable to the law firm. The check was deposited in the firm’s Interest on Lawyer Trust Accounts (IOLTA) account with a bank (the law firm’s bank), and the Attorney emailed a receipt to Rable Machine indicating that the check had been received. The following day, the Attorney received wiring instructions from Traugott directing that $197,921 be wired to “Full House Trading Co. Japan’s account at the Johuku Shinkin Bank.” The Attorney then received another wiring instruction directing him to wire another $65,750 to the Japanese bank. The Attorney conveyed the instructions to the firm’s administrator to coordinate with the law firm’s bank. Later that same day, the law firm’s bank contacted the law firm and informed it that the check from Rable Machine was returned and marked as “unable to locate.” The law firm’s bank further advised that the check was a forgery. The law firm’s bank was able to stop the $76,750 wire, but the $197,921 wire had already been sent.
That same day, the Attorney learned that the attorney located in Idaho had never requested a referral and, in fact, the attorney believed that a fake email address was set up for his office. The Attorney contacted Rable Machine and was advised that it did not remit a CitiBank check. The Attorney then reported the “phishing scheme” to the police. The law firm transferred funds out of its general operating account in order to cover the funds it wired out of its IOLTA account. The law firm then filed a claim with the insurer, seeking coverage for the loss under its legal malpractice insurance policy. The insurer denied the claim and the law firm filed a declaratory judgment action. The insurer moved to dismiss, arguing that the plain language of the policy demonstrated that the “phishing scam” to which the law firm fell prey was not a covered loss.
The parties argued over whether the Attorney had been engaging in “professional services.” The insurer argued that no attorney-client relationship existed between the Attorney and Traugott (or ZeligSteel), and therefore no professional services could have been rendered. The insurer also argued that the services performed by the Attorney were ministerial actions which did not require “specialized legal knowledge.” The law firm countered that the Attorney had performed “professional services” by researching the parties’ identities, performing a conflicts check, drafting an engagement letter, and reviewing the alleged sales agreement purportedly between ZeligSteel and Rable Machine.
The insurer also argued that the monies taken from the IOLTA account were “misappropriated” and did not meet the definition of “damages” contained in the policy. The law firm responded that where an insurer denies coverage based on a third-party’s acts, the policy must specifically so state and this particular policy was ambiguous and must be construed against the insurer.
The court held that the Attorney engaged in “professional services.” The court cited to Nardella Chong v. Medmarc Casualty Ins. Co., 642 F.3d 941, 942 (11th Cir. 2011), which decided a similar version of the email phishing scam, where the bank charged back against the law firm’s trust account, which contained funds belonging to 51 clients. The court held that the policy covered actions which included those of a “trustee” or “similar fiduciary capacity.” The court further held that in order to fall outside the definition of “damages,” the misappropriator must have acted dishonestly. The court construed the language against the insurer and found that the acts of the overseas third-party did not preclude coverage.
The insurer also argued that the policy did not apply because the $25,000 deductible had to be satisfied as to each client. The declarations page, however, provided a “per claim” deductible of $25,000, but the “aggregate deductible” was listed as $0. The court found that the policy was ambiguous as to whether a “per claim” deductible or “aggregate” deductible applied, construing the ambiguity against defendant.
Significance of Opinion
This opinion underscores how frequent and dangerous phishing scams can be to lawyers and law firms. Lawyers and law firms must remain vigilant when screening new clients and referrals.