Bank not responsible for hacked email that led to redirecting of $50,000 invoice payment

Home Guides & cases Case notes Fraud & scams - 90254

Bank not responsible for hacked email that led to redirecting of $50,000 invoice payment

Categories:

Fraud & scams,

Summary:

In January 2024, Alexia paid a $50,000 bill owing to a real estate company. She made a bill payment via internet banking to what she thought was the real estate company, but scammers had hacked into her emails and substituted another bank account number on the invoice. However, the fraud detection system of the recipient bank, where the scammers redirected Alexia’s money, identified the payment as suspicious and the account was frozen. The recipient bank was able to return $36,500 the following month, but the rest had been lost. Alexia asked her bank to reimburse her $13,500 loss. It refused, saying it was not responsible for her loss.

Published:

March 2025

Our investigation

We found the bank had followed the transaction instructions authorised by Alexia, sending the money to the account specified in those instructions. The bank's terms and conditions were clear that it was up to customers to make sure their payment instructions were correct because it did not check that account numbers and names matched at the time.

However, we also found the bank’s communications with Alexia were poor and its response to the fraud slow, delaying the return of Alexia’s money. Neither of these failings contributed to the loss, though. The bank offered $2,000 to compensate for the inconvenience and delay Alexia had suffered.