The recent decision of Thomas v. Corbyn Restaurant Dev. Corp., 111 Cal. App. 5th 439 (2025) is a wake-up call for all law firms handling client funds. Even the best-intentioned lawyers can, through a single lapse in protocol and judgment, find themselves liable for a six-figure settlement vanishing into the hands of cybercriminals.
The ruling makes clear: when proper procedures for financial transactions aren’t strictly followed, the law does not protect unwary lawyers from their monetary responsibilities.
In the following post, I explore how financial cyber fraud can happen to lawyers and steps to help ensure your law firm is protected.
How the fraud in Thomas happened
In Thomas, parties to a personal injury lawsuit settled the matter for a $475,000 payment. As commonly occurs, defense counsel received wire instructions via email that appeared to come from plaintiff’s counsel. Defense counsel followed the instructions in the email and wired the money.
The problem? The email actually came from a third-party scammer who provided fraudulent wire instructions for the settlement proceeds.
The spoofed “From” email address was similar to that of plaintiff’s counsel, differing by just two letters.
The body of the email even included the real plaintiff counsel’s correct email, website, and firm address, but the fraudsters did alter the phone number. This, along with convincing email content, created the ruse.
Defense counsel wired the settlement proceeds to the fraudulent account before discovering the scam. Once the fraud was discovered, plaintiff asked for the outstanding settlement money, but the defendants refused to pay.
Plaintiff brought suit to enforce the settlement agreement and the trial and appellate courts agreed: Defense counsel needed to pay up, and to the real plaintiff’s counsel this time.
Where things went wrong
The parties had an informal agreement that the settlement proceeds would be sent by check. Initially suspicious of the email, defense counsel used the telephone number in the falsified email to attempt to “confirm” the new wire instructions.
This was a critical mistake. The scammers had anticipated this security measure: the email initially listed an inactive number, and they then supplied a fake number for the “Head of Finance,” which defense counsel called to complete the fraud.
Had the defense firm simply used the known phone number of the plaintiff’s firm (which was a phone number the firm had used since 1989) to verify the instructions, the fraud most certainly would have been detected. Red flags would have been raised, spoofed emails would have drawn closer inspection, and defense counsel wouldn’t have been on the hook for another $475,000.
Some firms mistakenly believe cyber insurance coverage will reimburse these losses. But in reality, such policies often contain exclusions such as losses or fraud from voluntary transfers. This seemed to be just the case in Thomas, as there are no indications of hacking, just convincing trickery and a lack of due diligence.
Protecting your law firm
I have outlined ways to protect your law firm from cybercriminals when dealing with financial transactions.
1. Confirm wire instructions verbally, using a known phone number
- Use ONLY phone numbers stored in your internal records or taken from legitimate websites, never those in emails.
- Consider video calls to confirm the recipient’s identity by both voice and face. (See One Simple Way Lawyers Can Combat Voice Cloning and Deepfakes.)
- Initiate the calls from your end rather than relying on an incoming call.
2. Integrate wire warning protocols into communications
Prominently warn clients and opposing counsel of wire fraud in engagement letters and email signatures when appropriate. Example:
Important Notice Regarding Transmission of Funds Via Wire. Cybercrime related to falsified wire instructions is becoming increasingly sophisticated, with widely reported instances of fake or “spoofed” emails sending replacement wire instructions to cause the misdirection of funds. These emails are convincing in appearance and, if followed, can result in the permanent loss of all funds sent via wire to the account listed in the email. Before any funds are wired to our firm, you must always independently confirm the wiring instructions in person or via a telephone call to a trusted and verified phone number (which may not be the number contained in an email). Please be especially wary of any email that purports to change wiring instructions as this is a common indicator of a compromised email account.
3. Train – and retrain – staff
- Provide ongoing training for law firm staff on best practices in detecting fraud in online and email communications. (See How to Identify and Avoid Phishing Scams.)
- Make anti-wire-fraud checks, involving more than one person, part of every settlement and transfer.
4. Don’t rely on insurance
Know exactly what your coverage includes, but never assume you are protected.
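As an added illustration (not part of the original post), the Python below screens an inbound email that changes payment instructions against a firm's own contact directory, flagging a sender address that nearly matches a known contact and a phone number that differs from the one on file, which is the pattern in Thomas. The directory, addresses, phone numbers and sample email are constructed for the example.

```python
import re
from difflib import SequenceMatcher

# Constructed directory of counterparties as kept in the firm's own records
# (names, domains and numbers are made up for this example).
KNOWN_CONTACTS = {
    "j.smith@plaintiff-law.example": {"firm": "Smith Injury Law", "phone": "(555) 010-0100"},
}

WIRE_TERMS = re.compile(r"\b(wir(e|ing) instructions|routing number|account number)\b", re.I)
PHONE_RE = re.compile(r"\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")


def digits(s: str) -> str:
    """Reduce a phone number to its digits so formatting cannot hide a change."""
    return re.sub(r"\D", "", s)


def lookalike_contact(sender: str, contacts=KNOWN_CONTACTS, threshold: float = 0.85):
    """Return the on-file address a non-matching sender most resembles, or None.
    A ratio just below 1.0 is the signature of an address altered by a letter or two."""
    sender = sender.lower()
    if sender in contacts:
        return None
    best = max(contacts, key=lambda k: SequenceMatcher(None, sender, k).ratio())
    return best if SequenceMatcher(None, sender, best).ratio() >= threshold else None


def screen_wire_email(sender: str, body: str, contacts=KNOWN_CONTACTS) -> list:
    """Return flag codes for an email that carries or changes payment instructions."""
    if not WIRE_TERMS.search(body):
        return []                          # not a payment-instruction email
    flags = ["WIRE_INSTRUCTIONS"]          # always verify by phone to an on-file number
    near = lookalike_contact(sender, contacts)
    if near:
        flags.append("LOOKALIKE_SENDER")
    elif sender.lower() not in contacts:
        flags.append("UNKNOWN_SENDER")
    # Compare any number offered in the email with the number on file for the
    # contact it claims to be; a genuine firm name or address in the body proves nothing.
    on_file = contacts.get(near or sender.lower())
    if on_file and any(digits(n) != digits(on_file["phone"]) for n in PHONE_RE.findall(body)):
        flags.append("PHONE_MISMATCH")
    return flags


# Constructed sample resembling the Thomas email: "rn" replaces "m" in the
# sender address, the real firm name is quoted, and the phone number is altered.
SAMPLE_SENDER = "j.srnith@plaintiff-law.example"
SAMPLE_BODY = ("Please use the updated wiring instructions below for the settlement proceeds. "
               "Our Head of Finance can confirm at (555) 010-9999. Smith Injury Law, 1 Main St.")

if __name__ == "__main__":
    print(screen_wire_email(SAMPLE_SENDER, SAMPLE_BODY))
```

The flags are a prompt to pick up the phone and call the directory number, not a substitute for doing so; an exact sender match with a matching phone number still yields WIRE_INSTRUCTIONS.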
Avoiding ‘financial peril’
Failure to implement and follow established verification protocols guided by the tips above can put your firm and clients at risk. Review your procedures related to financial transactions and educate your team. Stay updated on best practices to ensure your due diligence.
The Thomas Court emphasized that as technology advances, so do the paths of deception:
Innovation in commerce makes financial transactions more efficient and convenient. At the push of a button, money moves around the world almost instantly. Criminals have likewise invented new ways to exploit these advancements — making the ability to remotely and rapidly transfer significant amounts of money now come with a risk that a criminal will exploit the convenience of remoteness by impersonating a party to the transaction and diverting the funds, often irretrievably. As cases show, criminals do this in a variety of ways, including by hacking a party’s authentic email account or by using a spoofed email account that closely resembles a party’s authentic account. The antidote to these innovative fraudulent schemes may involve sophisticated encryption and digital safeguards (e.g., multifactor authentication), or it may sometimes be as old-fashioned and simple as picking up the phone and calling opposing counsel at a verified phone number, or meeting face-to-face to confirm the identity of one’s counterpart and the validity of the transaction details. Either way, this case demonstrates that parties to modern, high-tech financial transactions must remain vigilant in ensuring they are dealing with their authentic peer. Failing to do so may be at their own financial peril.