An employee who was a victim of a £200,000 email scam has been told she does not have to
repay £108,000 to her employer.
Patricia Reilly, a credit controller working for Peebles Media Group, mistakenly transferred a total of £200,000 to a fraudster. The company was refunded £85,000 by the banks, but sued Reilly for the
The Court of Scotland has now ruled in favour of Ms Reilly, not finding her in breach of obligation in what they described as a “tragic case”. The scam itself is known as ‘whaling’ where fraudsters deliberately target junior employees. Key to this case was the fact the Reilly’s manager was responsible for the first payment which had been made by Reilly using her manager’s security details.
The Judge, commenting on the case and the fact that Reilly ignored a fraud warning, said “The fact that she [Reilly] was holding the fort for more experienced members of staff put her at a significant
disadvantage. I do not consider that the defender was in breach of her implied obligation of reasonable skill and care in failing to read the fraud warning, nor do I consider that it would have made any difference had she read it.”
Scammers are becoming more sophisticated – in this case deliberately targeting a junior employee holding the fort on behalf of more senior members of staff. Scams such as these are also becoming ever harder to spot. It is therefore important to ensure staff are trained on how to spot cyber-attacks and scams and that this training is updated regularly as fraudsters’ methods evolve.