A Villa Rica solo who was walloped with a lawsuit accusing him of complicity in an insurance scam that netted unknown crooks a half-million dollars came out swinging this week, accusing Coface Northern America Insurance of trying to blame him for its own slipshod claims handling.

Coface sued James Davis III and 50 “John Doe” defendants in federal court in Atlanta after scammers using bogus email accounts to high-jack a $3 million settlement meant for a policyholder by having it wired to Davis's escrow account.

Coface figured out the scheme and was able to recoup more than $2.5 million, but the rest was already distributed.

The insurer's complaint accused Davis of multiple counts, including fraud and racketeering.

But on Tuesday, his lawyers filed a response brief lambasting the insurer for falling for a scam that included poorly written email messages from an account ending with an address that had been changed from “.com” to “.cf”—a country domain code assigned to the Central African Republic.  

Coface is “an insurance company with egg on its face for its own gross negligence in failing to pick up the telephone to verify a grammatically incorrect change in payment instructions, [and] has lost $550,000,” said the brief filed Tuesday by Richard Hendrix and Emma Cecil of Finch McCranie.

Davis is himself a victim of the same scheme that targeted Coface, it said, and by naming him as a defendant, the company “threatens to destroy the reputation of a lawyer who lacked any knowledge of any fraud. The damage to the lawyer is far greater than $550,000 because he could never undo the damage to his reputation.”

Attached to the response is a copy of the Daily Report's coverage of the complaint and motion for temporary restraining order Coface filed Jan. 14.

The complaint said Coface agreed to pay about $3.1 million to settle a claim last month, and sent an email requesting wire transfer instructions from its insured. The next day, Coface got a typo-riddled email purportedly replying to its message saying “Please disregard the below bank details i sent you and check a attached Letter of authorization with our updated bank details for payment.”

Attached was a “Letter of Authorization and Declaration” saying “our bank account details which was provided for payment yesterday is undergoing its yearly audit and we cannot receive any payment with that account at the moment Below is our ATTORNEY bank details for payment.”

The letter bore the policyholder's logo and the names of its CEO and two executives. After verifying Davis' tax information, Coface wired $3,093,085 into his Wells Fargo Interest On Lawyers Trust Account.

On Dec. 31, the same day the fraudsters emailed Coface saying the payment had arrived, the insurer realized its emails were compromised. Coface contacted Davis, the Federal Bureau of Investigation and Wells Fargo, which returned all the funds in Davis' account—$2,540,319—to the insurer, and canceled his account. Another $552,766 remains unaccounted for.

In email correspondence with Coface, Davis said about $3,500 of the money Wells Fargo turned over belonged to other clients.  

Judge Amy Totenberg of the U.S. District Court for the Northern District of Georgia ordered Davis to file a response to the motion for TRO by Tuesday.

In that response Davis' lawyers, Richard Hendrix and Emma Cecil of Finch McCranie, argued that Coface, which “asserts that it is a worldwide leader in its industry,” is far better positioned to know that it was being targeted than Davis.

“Davis was duped into acting as an escrow agent/paymaster for funds wire transferred into his IOLTA escrow account,” they wrote.

It is “undisputed” that, “once Davis was notified that he had become involved in a fraudulent scheme that he cooperated with [Coface] and returned the monies remaining in his escrow account that had not then been distributed.”

Coface, in contrast, “ignored numerous grammatical errors” in the fraudsters' email “and also apparently never attempted to verify the signature of the President/CEO of the policyholder,” which “apparently allowed its emails to be hacked.”

“All of this was gross negligence and no reasonable person would have relied on these identifiable false representations by the 'imposters,'” Davis' brief said.

“It was as if [Coface] left its money in a public place anyone could obtain it,” it said.

Coface is represented by Christopher Freeman and D. Barrett Broussard of Carlton Fields in Atlanta.

In an email, Freeman said his client is not backing down.  

“We are aware of Mr. Davis' response and will continue to pursue in court recovery of the approximately $560,000 that remains missing and unaccounted for out of the $3.1 million Coface deposited into Davis' account,” Freeman said.

Roy Hadley Jr. an Atlanta attorney at Adams & Reese with experience in cybersecurity matters, said it appears Coface was the victim “spearfishing.”

“These are very elaborate plans that often target law firms, real estate companies, insurance companies—any company that does a lot of wire transfers,” said Hadley, who is not involved in the litigation. “There's money flowing back and forth, it's not unusual for somebody to wire $3 million—that's not going to raise any red flags.”

The first step is to find out who the executives are and ascertain their email addresses.

“Once I have that, I can send you a very specific email with an attachment,” Hadley said. “If you're a real estate closing attorney, for example, I can send you a message: 'New Closing Regulations for 2018.' That looks interesting, so you may click on it—then you've downloaded software to your email account I can access.”

“When I see you're doing a closing on this particular day, I can send the payor a message saying, 'oh we need to change the wiring instructions.'”

From there, it's a matter of using a domain hosting company to get an email address that looks familiar to the intended victim.

“I'm expecting this email, so when it comes I say, 'Oh, they need to change the bank information. OK,'  and send it to this guy's IOLTA account,” Hadley said.   

Davis was likely picked as a conduit precisely because of his small practice, Hadley said. The culprits were likely looking for a small firm or solo attorney that doesn't have security procedures in place.

The likelihood that Davis was in on the a con is small, Hadley said.

“I have to assume he's not complicit. If you're a lawyer scamming out of your IOLTA account you're crazy, because it's going to lead right back to you,” he said.

As to Coface, Hadley said he tells his clients to pick up the phone and confirm wire instructions, especially if those instructions change.

“I think Coface is going to have a hard time getting the money from [Davis] because they didn't do what they should have done on their end, and he didn't have anything to do with the original transaction. The best I can tell, he's just some lawyer down in Villa Rica who got caught up in this scheme,” he said.

Butler Tobin partner Jeb Butler's small firm has been repeatedly targeted by email hackers.  

“This is exactly the kind of thing security experts refer to as business email compromise,” Butler said. “My law firm has six people. We have been the attempted victims of email compromise six times in six months.”

In Butler's case, hackers created bogus email accounts in the names of members of his firm.

“One time, three paralegals got emails purportedly from me saying, 'I'm on a conference call, can you do this for me?'” Butler said.

One paralegal followed the bogus Butler's instructions and bought $500 worth of Walmart gift cards.

“I guess he was going to have her send them to him, but the other paralegals figured out it was scam,” he said. “So now I've got $500 worth of Walmart gift cards at my office.”

In the Coface case, he said, “it's the same thing: somebody just spoofed the policyholder's email address. You prevent this by looking at the name and address on the email account.”

Holding the actual scammers accountable is unlikely to happen, Butler said.

“We'll never know who they are, if you did find out what good would it do? Probably someone in China, Algeria. What are you going to do, sue some teenage hijacker in Zaire?”

Butler added Davis was almost certainly not part of the scam.

“If he's not a victim, he'd have to be very dumb, and I don't think anybody could be that dumb and still pass the bar exam,” Butler said.

Read more:

Lawsuit Claims Insurance Fraud Scheme Sent $3M to Lawyer's Trust Account

Firing of 3 Black Administrators Ends in $1.5M Race Discrimination Settlement With State

Former Ogletree Partner Lodges New Gender Bias Suit