Cat MacLean: David v Goliath meets online fraud – part one
In a five part series for Scottish Legal News this week, BTO partner Cat MacLean tells the story of an epic legal battle with the Clydesdale Bank. She explains the reality of litigating against a huge opponent with bottomless pockets, the cost and funding of litigation and the need to find leverage, to use it to fight, and to keep fighting.
Part one: Sekers v Clydesdale Bank – setting the scene
This is the story of the fight to secure recompense for a business. It tells of the reality of litigating against a huge opponent with bottomless pockets, the reality of the cost and funding of litigation, and the reality of the need to find leverage, to use it to fight, and to keep fighting.
In 2017, the managing director of a manufacturing business came to me to ask for help. His business had been defrauded of over half a million pounds, and the two cashiers who worked for him, who had been the target of this sophisticated APP fraud, were devastated. His distress, not so much in relation to the lost funds, but regarding the impact this had had on two long-serving colleagues was painfully evident.
APP (authorised push payment) fraud is the name given to scams where the victim is tricked into making large bank transfers to an account controlled by the fraudster – often, as happened to Sekers, where the fraudster pretends to be a member of the bank staff (frequently claiming to be part of the fraud team). APP fraud has been steadily increasing over the past five years and such frauds have become increasingly sophisticated.
In Sekers’ case, the fraudster identified himself as “Steve”, claimed to be from Clydesdale’s fraud team, and gave certain confidential details about the account that suggested to Sekers’ cashiers – G and P – that he probably was who he said he was. He said that the company’s bank account had been blocked by the bank as a precautionary measure. This type of situation had happened before to the company. The fraudster said he would work to unblock the account.
Nevertheless, G and P had an element of reservation, and sought reassurance from Clydesdale that Steve was who he said he was. They phoned Clydesdale’s helpdesk and called the relationship manager (RM) assigned to Sekers, seeking help from both.
The helpdesk took details from G and P, but gave no advice, simply indicating they would revert in due course. The RM asked G and P to obtain Steve’s full name, and then to send the RM an email. The cashiers duly did so.
No further advice was given by either the helpdesk or the RM. Critically, neither told the cashiers not to do anything until the caller’s true identity had been clarified. Neither took any steps to suspend activity on the company’s account until the position was clarified. Neither cashier was told that they must not make payments. The cashiers felt reassured that everything was in order and understood that either the helpdesk or the RM would get back to them if anything was untoward.
In due course, Steve asked the cashiers to regain access to the web portal and process a number of “blocked” payments. Payments totalling £566,000 were made (a small amount of which was later recovered). The majority of the transferred sums were lost to the fraudster…