Who is liable

Author
Discussion

anonymous-user

53 months

Thursday 23rd July 2015
quotequote all
So, no answer then. Why am I not surprised?

pork911

7,086 posts

182 months

Thursday 23rd July 2015
quotequote all
aye, i forgot scan reading, doling out guff then picking and choosing what is relevant is your preserve
- ah well 'tis your ball afterall so keep flexing wink

silverous

1,008 posts

133 months

Thursday 23rd July 2015
quotequote all
It seems unreasonable that the customer paid a debt in good faith based on a convincing email, only for them to still owe the money. That said, I can see both sides - if I'd sent them the email asking for money and it was a poor fake and they'd paid it to me, the builder would still want to be paid, this is only different because they managed to spoof the customer into thinking they were the actual builder. A good spoof is a spoof nonetheless? Is the builder to be responsible for security of the internet? That said, what if the builder did not take reasonable steps to protect his identity. If I leave copies of my company letterhead lying around in the street, and someone buys something purporting to be me using said letterhead - am I responsible in any way? I see parallels with that here.

Bigyoke

152 posts

131 months

Thursday 23rd July 2015
quotequote all
silverous said:
It seems unreasonable that the customer paid a debt in good faith based on a convincing email, only for them to still owe the money. That said, I can see both sides - if I'd sent them the email asking for money and it was a poor fake and they'd paid it to me, the builder would still want to be paid, this is only different because they managed to spoof the customer into thinking they were the actual builder. A good spoof is a spoof nonetheless? Is the builder to be responsible for security of the internet? That said, what if the builder did not take reasonable steps to protect his identity. If I leave copies of my company letterhead lying around in the street, and someone buys something purporting to be me using said letterhead - am I responsible in any way? I see parallels with that here.
No, you're in no way responsible for what a criminal misuses your letterhead, or anything else, for unless you are actually complicit, in which case you are also a criminal.

Mandate fraud is not new, 20 years ago it would have been a letter, a fax, a phone call instead of an email. As businesses have evolved, so have the methods used by criminals to target them. That is why the email is largley irrelevant, it was merely the medium used to make the false representation. The losses incurred by companies due to incidents like this can often mean the end of the company which is grossly unfair but it's equally unfair and unreasonable to expect the company or individual legitimately owed the debt to simply suck it up. In the example I gave earlier you can substitute supplier for employee and customer for employer, there is no substantive difference. How would you feel in those circumstances?

In this thread and the other one it was suggested that this was some kind of scam carried out by the supplier to screw a double payment out of the customer. Assuming the companies involved are reasonably legit there is next to no possibility of this being the case. It just would 't be worth the hassle.

anonymous-user

53 months

Thursday 23rd July 2015
quotequote all
There are only two realistic possibilities here. Either there was a hack, in which case the customer still owes the builder, or there wasn't a hack, in which case the builder is engaged in fraud. pork911 says that there is a middle path, but cannot or won't identify it. Well, there isn't a middle path.

Saying that it is not "reasonable" for A to have to discharge an obligation to B that A has not yet discharged, because A has been swindled by C (with no connivance by B) into paying C instead of B, adds nothing to the discussion. The question is whether a contractual obligation has been discharged, not whether the situation is unfair and tough on A. The unfairness is not of B's making.

Red Devil

13,055 posts

207 months

Thursday 23rd July 2015
quotequote all
BV, I hope this doesn't go the way of that other 40+ page thread. It seems to be par for the course now on this forum for any legal question to generate an inordinately high SNR. rolleyes

anonymous-user

53 months

Thursday 23rd July 2015
quotequote all
It is all my fault, because I interrupt the Google-taught experts. I will stop.

superlightr

12,842 posts

262 months

Thursday 23rd July 2015
quotequote all
For that sum of money I would have posted out an invoice on letter headed paper and typed which account to be paid to or attched to an email.

Emails are ok but not that safe. The client still has not discharged his debt to the builder. He has been scammed.

anonymous-user

53 months

Thursday 23rd July 2015
quotequote all
Still all my fault, but in mitigation may I mention that school's out for summer?

Actus Reus

4,229 posts

154 months

Thursday 23rd July 2015
quotequote all
'Ask Breadvan' could make a great Radio 4 show - punter in the studio asks BV a legal question. BV answers it. Joe Public rings up to call the punter a /moneygrabber/thief, and tell BV that he's wrong. The show doesn't end, it just sort of fades away.

plasticpig

12,932 posts

224 months

Thursday 23rd July 2015
quotequote all
superlightr said:
For that sum of money I would have posted out an invoice on letter headed paper and typed which account to be paid to or attched to an email.

Emails are ok but not that safe. The client still has not discharged his debt to the builder. He has been scammed.
As a customer I would pay the supplier by cheque. Preferably by actually physically handing it to them and getting a receipt.

Quattromaster

Original Poster:

2,904 posts

203 months

Friday 24th July 2015
quotequote all
Update..

Following a meeting this am the customer who is £16,500 out of pocket has been told the "scam" account has been frozen, and that some money has been taken out, the bank however will not be telling them how much until a week Tuesday.

Thank you folks for all your pointers, good and bad, I have shown my brother this, and the other thread which we have both read with interest.

I'll be back a week Tuesday to let you all know how much they got away with, place yer bets.

BertBert

18,953 posts

210 months

Friday 24th July 2015
quotequote all
with this and the other thread in mind, I got an invoice by email today (one man band type business) and I got separate verification of bank details before paying.

Bert

JM

3,170 posts

205 months

Friday 24th July 2015
quotequote all
Quattromaster said:
Update..

Following a meeting this am the customer who is £16,500 out of pocket has been told the "scam" account has been frozen, and that some money has been taken out, the bank however will not be telling them how much until a week Tuesday.

Thank you folks for all your pointers, good and bad, I have shown my brother this, and the other thread which we have both read with interest.

I'll be back a week Tuesday to let you all know how much they got away with, place yer bets.
CUNextTuesday


redface

Martin4x4

6,506 posts

131 months

Friday 24th July 2015
quotequote all
Breadvan72 said:
There are only two realistic possibilities here. Either there was a hack, in which case the customer still owes the builder, or there wasn't a hack, in which case the builder is engaged in fraud. pork911 says that there is a middle path, but cannot or won't identify it. Well, there isn't a middle path.

Saying that it is not "reasonable" for A to have to discharge an obligation to B that A has not yet discharged, because A has been swindled by C (with no connivance by B) into paying C instead of B, adds nothing to the discussion. The question is whether a contractual obligation has been discharged, not whether the situation is unfair and tough on A. The unfairness is not of B's making.
You are missing the real point, when B has clearly been negligent by not securing his email and that email has been used to perpetuate the fraud against A then they must bear at least some responsibility.

If not within the current legal framework then certainly morally. If they had failed to secure their bank account, or office then the situation would certainly be considered differently. This case is really good example of legacy law lagging behind social/technical developments.

plasticpig

12,932 posts

224 months

Friday 24th July 2015
quotequote all
Martin4x4 said:
You are missing the real point, when B has clearly been negligent by not securing his email and that email has been used to perpetuate the fraud against A then they must bear at least some responsibility.

If not within the current legal framework then certainly morally. If they had failed to secure their bank account, or office then the situation would certainly be considered differently. This case is really good example of legacy law lagging behind social/technical developments.
The fact B has had is email hacked in no way implies he has been negligent. It could be the fault of the ISP, email service or the developer of the O/S in use. It could be none of the above as well. Even running fully up to date anti virus and malware won't necessarily be enough protection as there are always new exploits being found and used.

Then of course there are always electronic eavesdropping techniques like Van Eck phreaking. Unless thousands have been spent on EMF shielded equipment then that's always going to be possible.

Bigyoke

152 posts

131 months

Saturday 25th July 2015
quotequote all
A
Martin4x4 said:
You are missing the real point, when B has clearly been negligent by not securing his email and that email has been used to perpetuate the fraud against A then they must bear at least some responsibility.

If not within the current legal framework then certainly morally. If they had failed to secure their bank account, or office then the situation would certainly be considered differently. This case is really good example of legacy law lagging behind social/technical developments.
Have you ever received an unsolicited letter from a retail bank, or a utility company or any other large, well known, legitimate company? Say Santander for example. Most people have. If you then took that Santander letter, scanned it, did a bit of editing, bit of photoshop, then used it to defraud someone would Santander be responsible? If not, why not. They actually sent you the means to commit the fraud. Obviously in that scenario Santander would have no responsibility, legally or morally for what you had done and the same would be true, if not more so, if you had actually hacked their systems to achieve your ends.

As for securing email, no one allows their email to be hacked, it's not their fault they've been targeted. Why are some trying to assign some of the blame onto the victims?

anonymous-user

53 months

Saturday 25th July 2015
quotequote all
Martin4x4 said:
You are missing the real point, when B has clearly been negligent by not securing his email and that email has been used to perpetuate the fraud against A then they must bear at least some responsibility.

If not within the current legal framework then certainly morally. If they had failed to secure their bank account, or office then the situation would certainly be considered differently. This case is really good example of legacy law lagging behind social/technical developments.
That isn't the real point at all. What obligation does B owe in respect of an immoral act by a fraudster that is not B's fault? You say that B was clearly negligent. What is your evidence for that assertion?

As for technology, the same scam could be perpetrated by someone going around to the customer and pretending to be a representative of the builder and collecting payment. This is an old, old scam just wrapped up in a new electronic guise.


Martin4x4

6,506 posts

131 months

Saturday 25th July 2015
quotequote all
plasticpig said:
The fact B has had is email hacked in no way implies he has been negligent. It could be the fault of the ISP, email service or the developer of the O/S in use. It could be none of the above as well. Even running fully up to date anti virus and malware won't necessarily be enough protection as there are always new exploits being found and used.

Then of course there are always electronic eavesdropping techniques like Van Eck phreaking. Unless thousands have been spent on EMF shielded equipment then that's always going to be possible.
You have no idea about IT security, you think you do, hence dropping the buzz phrases but you don't. Pay attention and you might actually learn something.

There is already ample information to determine to pretty high certainty exactly how this 'hack' was carried out and it is in no way sophisticated. B used public wifi to access his email over http and compromised his email account, his customer was spear phished using the details he exposed, the receiving bank account will almost certainly also be a victim of payment/over-payment fraud.

All because B failed to properly secure their email account.

A prudent person doesn't use (unencrypted) email for financial transactions; or use public (unencrypted) wifi, or (unencrypted http) webmail. This fraud was possible because they did all of these. If they had followed just one of these golden rules this fraud would not have been possible that is what makes them negligent.

Blaming the ISP or email providers is simply asinine.

Martin4x4

6,506 posts

131 months

Saturday 25th July 2015
quotequote all
Breadvan72 said:
What is your evidence for that assertion?

As for technology, the same scam could be perpetrated by someone going around to the customer and pretending to be a representative of the builder and collecting payment. This is an old, old scam just wrapped up in a new electronic guise.
You are a legal expert, I'm an IT expert and that is my expert technical opinion based on the information provided. A more detail reasoning is in the post above yours.

The old scenario is superficially similar, but I don't see any negligence on the part of the builder.

If we consider that scenario, what would be the legal position if the builder had been negligent in some way. Lets say lent his branded van to the (fake) representative?


Edited by Martin4x4 on Saturday 25th July 09:59