In a time defined by technology, even the most routine legal practices demand heightened care. The once straightforward act of sending settlement funds to the opposing side has become a point of vulnerability, one that can carry significant financial consequences if mishandled. A recent California decision underscores just how high the stakes have become.
In Thomas v. Corbyn Restaurant Development Corp., 111 Cal. App. 5th 439 (2025), the California Court of Appeal addressed an issue of first impression: which party bears the risk of loss when a fraudster diverts settlement funds through a spoofed communication.
The Case at a Glance
Following settlement, an unknown third-party impersonating plaintiff’s counsel sent spoofed emails to defense counsel, providing fraudulent wire instructions. Relying on those instructions, defendants wired $475,000 in settlement funds to the imposter’s account. Even with alleged reports to a “cyber insurance carrier” and the filing of a report with the FBI, the funds were never recovered.
When the fraud came to light, plaintiff demanded payment under the settlement agreement. Defendants refused, arguing they had already sent the funds. The trial court disagreed and granted plaintiff’s motion to enforce the settlement under California Code of Civil Procedure section 664.6, ordering defendants to pay the full settlement amount.
A Gap in California Law, Filled by Federal Persuasion
Notably, the trial court recognized the absence of California authority directly addressing fraudulent diversion of settlement funds. In resolving the dispute, it turned to persuasive federal case law, which has consistently applied principles akin to the Uniform Commercial Code’s “imposter rule.”
The Court of Appeal affirmed, agreeing that although California courts had not yet addressed the issue, federal decisions were persuasive in anchoring its analysis of the imposter rule to determine which party should bear the risk of loss from a fraudulently induced wire transfer.
The “Red Flags” That Shifted Liability
Central to the court’s analysis was a fact-intensive inquiry into which party was better positioned to prevent the fraud. The record revealed multiple red flags that should have alerted counsel:
- The settlement agreement specified payment to a client trust account yet the wire instructions listed a different payee and omitted the plaintiff’s name.
- The parties had agreed to payment by check, but the imposter requested a wire transfer instead.
- The spoofed emails contained inconsistent contact information, including a phone number that did not match prior communications or court filings.
- Attempts to verify the instructions by phone failed, with the number proving inoperable.
Based on the totality of these circumstances, the trial court found, and the Court of Appeal agreed, that defendants were in the best position to detect the fraud and bore the resulting loss.
Key Takeaways for Your Everyday Practice
Beyond resolving the dispute, the opinion reflects a broader judicial awareness of evolving fraud risks in modern financial transactions. As the court observed, technological convenience has a dual edge: while it enables instantaneous transfers, it also creates opportunities for increasingly sophisticated impersonation schemes.
With the cautionary warnings from the court in mind, here are a few key takeaways for your everyday practice:
- Ensure consistency between the settlement agreement’s payment terms and the method of payment. Any deviation should be supported by a documented and verified agreement between the parties.
- Confirm any changes to payment instructions through verified channels. A well-known phone number or in-person confirmation remains one of the most effective safeguards.
- Adopt and enforce internal security protocols. Law firms should implement measures such as multifactor authentication, secure communication platforms, and verification procedures for financial transactions.
- Train legal staff to recognize fraud indicators. Awareness of common red flags, like last-minute changes or inconsistent contact information, can prevent costly mistakes.
At its core, Thomas v. Corbyn Restaurant Development Corp. reminds us that diligence, not technology, is the ultimate safeguard. Often, the simplest step, confirming instructions through a trusted phone number or in person meeting, can prevent serious consequences.
If you have any questions or need assistance, please reach out to the NFC Attorney with whom you typically work or call us at 973.665.9100 or 619.292.0515.