A customer receives an email from a supplier with wiring instructions for payment on goods purchased under contract. The email appears to come from the supplier’s legitimate email address, but the wiring instructions identify a different bank account than prior transactions with the supplier. It is late in the day, and the recipient fails to notice that the invoice number in the email is off by a single digit and that the wording of the email differs slightly from prior communications. The funds are wired, but the supplier later claims it never received the payment and that its email account was hacked. The supplier insists payment is still owed because it never received the money, while the purchaser maintains it simply followed the wiring instructions it received and should not be required to pay twice.
In Yangtze R.R. Fasteners Int'l United States v. Ohio Valley Trackwork, 2026-Ohio-1518, Ohio’s Fourth District Court of Appeals addressed this growing issue facing businesses nationwide: who bears the loss when a party wires funds to a fraudster after receiving spoofed email payment instructions.
Issued on April 21, 2026, the decision appears to be the first Ohio appellate decision directly addressing liability allocation arising from a business email compromise (“BEC”) scheme between contracting parties. The opinion provides important guidance for Ohio businesses navigating increasingly common spoofed email and fraudulent wire transfer schemes.
The case arose from a long-standing business relationship between a railroad materials supplier and its customer. After the supplier requested that payment be made electronically instead of by check, the customer received emails appearing to originate from the supplier directing payment to a different bank account. The account was located in a different state and identified the beneficiary as “Lucille A. Tierney DBA Yangtze Railroad Materials.” The customer wired approximately $44,000 to the account identified in the emails, only to later learn the supplier never received the funds. The supplier then filed suit against the customer for breach of contract, alleging the customer failed to pay amounts due under the contract.
Following a bench trial, the Gallia County Court of Common Pleas entered judgment in favor of the customer, concluding that the supplier was in the better position to detect the fraudulent emails because the spoofed messages appeared to come from the supplier’s email account.
The supplier appealed, arguing that the trial court’s judgment in favor of the customer on the breach of contract claim was against the manifest weight of the evidence. The Fourth District reversed the trial court’s decision.
Although the appellate court noted that Ohio law contains little to no authority addressing liability allocation in fraudulent wire transfer spoofing disputes, the court analyzed decisions from other jurisdictions involving similar business email compromise schemes. The court ultimately held that the trial court’s judgment was against the manifest weight of the evidence because the customer—not the supplier—was “in the best position to prevent the loss.”
The appellate court emphasized several ‘obvious red flags’ that should have alerted the customer to the need for additional verification before the wire transfer was sent, including:
- payment instructions directing funds to a bank in New Mexico even though the supplier was located in Maryland;
- identification of an unfamiliar individual, “Lucille A. Tierney,” as the new account beneficiary; and
- the parties’ nearly two-decade history of doing business without prior use of that bank account or dealings with a person named Lucille A. Tierney.
The court specifically stated that the customer should have “at a minimum” called the supplier to verify the authenticity of the wiring instructions before transmitting payment.
The appellate court further noted that it was “not a foregone conclusion” that Ohio should adopt a rule placing accountability for loss on the party in the best position to discover the fraudulent payment instructions. However, the court declined to definitively resolve that legal issue because the validity of the rule itself was not challenged on appeal. Instead, the sole issue before the court was whether the trial court’s judgment was against the manifest weight of the evidence.
Nevertheless, the opinion strongly signals that Ohio courts may ultimately adopt a rule similar to those recognized in other jurisdictions holding that the party “in the best position to prevent the fraud” should bear the loss. The decision also aligns with the federal Sixth Circuit’s reasoning in Beau Townsend Ford Lincoln, Inc. v. Don Hinds Ford, Inc., 759 Fed. Appx. 348 (6th Cir. 2018), which also applied the “who was in the best position to prevent the fraud” framework in a fraudulent wire transfer dispute.
This decision is significant because it signals that Ohio courts may place substantial responsibility on parties to independently verify changed wiring instructions and other suspicious payment requests before transmitting funds electronically. Ultimately, when a dispute arises over a fraudulent wire transfer, Ohio courts may focus less on how the spoofing occurred and more on which party was “in the best position to prevent the loss.”
Businesses should implement internal safeguards for wire transfers, including mandatory verbal verification procedures for new or changed payment instructions, employee training regarding spoofed emails, and enhanced cybersecurity protocols designed to detect and prevent business email compromise schemes.
If you have questions regarding this decision or issues involving business email compromise schemes, fraudulent wire transfers, or cybersecurity-related disputes, please contact one of 花都影视’s Emerging Technologies and Cyber Risk attorneys.
Attorney
Columbus