A recent decision by the Rostock Regional Court impressively illustrates the financial risks of careless behaviour in digital business transactions. Anyone who falls for a fake email and makes payments to a manipulated account may be responsible themselves - even in the case of a clear fraud scenario. In the judgement handed down on 20 November 2024 (case reference: 2 O 450/24), a company was obliged to make another payment despite a phishing attack.
Specifically, the case concerned a construction contract that a construction company had awarded to another company for interior work. After the contracted company had sent a regular partial invoice by email, unknown third parties managed to create a deceptively genuine-looking copy of this message. In this manipulated version, only the bank details had been changed. The client took advantage of the deception and transferred around 37,730 euros to the fake account.
When the actual payment failed to materialise, the construction company demanded the sum again. The recipient company invoked the phishing scam and argued that it had already fulfilled its payment obligation.
However, the regional court rejected this argument. For a monetary debt to be effectively fulfilled, the amount must be received by the legitimate creditor - a payment to an unauthorised third-party account is not sufficient. The judges also emphasised that the deception could have been avoided, as anomalies in the email were recognisable and verification of the account details would have been obvious if sufficient care had been taken.
The judgement sends a clear signal: companies must pay increased attention to payment transactions. A bank transfer to fraudsters, even if it appears deceptively genuine, does not exempt companies from their contractual payment obligations. Anyone who ignores warning signs or fails to carry out verification runs the risk of having to bear the financial loss themselves.
Source: https://www.onlinehaendler-news.de