An email scam cautionary tale
By Nancy Rubin, K.C. and Levi Parsche
What happens if a person accidentally makes payment to a hacker, instead of to the person they actually owe money? Should they have to pay again? In the recent decision, Jane Group Limited v. Heritage Gas Limited, 2022 NSSM 36, a small claims court adjudicator said yes.
EFT Payment Scam
In the case, two companies had agreed to split the costs to repair a sidewalk after a natural gas line was installed. Shortly after the repairs were completed, Jane Group emailed Heritage Gas seeking payment of its share. Heritage Gas responded, requesting an invoice for the repairs, and indicated it could pay by electronic funds transfer (“EFT”) or via cheque. So far, so good.
Then, Heritage Gas received what it assumed was a response from Jane Group, providing banking information and instructions to send payment via EFT. Unfortunately, this email was actually from an online hacker who had intercepted previous communications. The hacker, representing themselves as the Jane Group president, provided information for a fraudulent bank account, and asked for the money to be deposited that same day.
Heritage Gas emailed Jane Group again indicating it needed an invoice before it could make a payment. In response, (and from a different email address) Jane Group provided an invoice, which indicated payment should be made by cheque to a mailing address.
Unfortunately, upon receipt of the invoice, Heritage Gas followed the earlier EFT instructions that had been sent, depositing the payment into the fraudulent bank account provided by the hacker.
Decision
Having not received payment, Jane Group sued for recovery from Heritage Gas. Counsel for Jane Group argued that there were several “red flags” in the email from the hacker (spacing and typographical errors) which should have triggered a follow-up by Heritage Gas, not to mention the discrepancy in the direction to pay via EFT or cheque.
On the other hand, counsel for Heritage Gas argued that the loss of money was due to Jane Group’s “carelessness” and lack of cybersecurity.
In the end, Adjudicator Darling found that both parties were innocent victims of the hacker and ruled that as neither party had exhibited blameworthy conduct, the case must be decided in favour of the Claimant, Jane Group.
Key Takeaway
As we move towards an increasingly digital world, this case serves as a reminder to keep an eye out for fraudulent activity. Take extra steps to make sure your electronic funds transfers are secure. Watch out for email red flags (typos, suspicious links, misspellings, a sense of urgency) and confirm payment details via an additional method – otherwise you might end up on the hook and have to pay twice!
This update is intended for general information only. If you have questions about the above, please contact the authors.
Click here to subscribe to Stewart McKelvey Thought Leadership.
Archive
By Kevin Landry On November 9 2023, Bill C-365, An Act respecting the implementation of a consumer-led banking system for Canadians (“C-365”), short titled as the ‘Consumer-led Banking Act’ was read in the House of…
Read MoreBy Jennifer Taylor The Nova Scotia Court of Appeal (“NSCA”) has issued an important decision clarifying the test to disallow a limitations defence. The decision, Halifax (Regional Municipality) v Carvery (“Carvery”), has real implications for personal…
Read MoreBy Deanne MacLeod, K.C., Burtley Francis & David Slipp On September 21, 2023, the Federal Government introduced Bill C-56: An Act to amend the Excise Tax Act and the Competition Act (“Bill C-56”), with the…
Read MoreBy Nancy Rubin, K.C. and Lauren Agnew The long-awaited Green Choice Program Regulations (N.S. Reg. 155/2023) were released by the provincial government on September 8, 2023, offering some clarity into the practical implementation of Nova…
Read MoreBy Koren Thomson, John Samms, and Matthew Raske The Newfoundland and Labrador Court of Appeal has held that the Information and Privacy Commissioner for this province (the “Commissioner”) does not have the authority to order…
Read MoreBy Perlene Morrison, K.C. Municipalities are required to pass code of conduct bylaws in accordance with section 107 of the Municipal Government Act (the “MGA”). Subsection 107(1) of the MGA specifically states that a municipality’s…
Read MoreBy Sheila Mecking and Kathleen Starke On August 23, 2023, the Ontario Superior Court (“ONSC”) upheld a complaints decision which ordered a psychologist to complete a continuing education or remedial program regarding professionalism in public…
Read MoreBy Dante Manna As we advised in a previous podcast, all federal employers with at least ten employees[1] have been subject to the Pay Equity Act [2] (“PEA”) and Pay Equity Regulations [3] (“Regulations”) since…
Read MoreBy Nancy Rubin, K.C. Environment and Climate Change Canada (ECCC) recently published a draft of the Clean Electricity Regulations (CER). The proposed Regulations work toward achieving a net-zero electricity-generating sector, helping Canada become a net-zero…
Read MoreBy Stephen Penney & Matthew Raske In the recent decision Index Investment Inc. v. Paradise (Town), 2023 NLSC 112, the Supreme Court of Newfoundland and Labrador validated the Town of Paradise’s decision to rezone lands…
Read More