A Calgary retiree said he was "fed up with his stomach" after learning his bank sent more than $ 800,000 of his savings to fraudsters despite the alarm.
Rod McLeod, 75, is a long-time customer at Cidel Bank – one of dozens of private banks in Canada that handles wealth management for people with high incomes or sizable assets.
"This has turned my life upside down," said McLeod, a retired lawyer. "I expect them to protect me."
McLeod sued, accusing "negligence, breach of contract and breach of fiduciary obligations" by Cidel in a claim statement submitted last week.
This is another case of what is a multibillion-dollar problem in Canada and the US, according to authorities.
Wire fraud is a "big deal" and "very rampant," investigator and former FBI agent Don Vilfer told Go Public, that better laws are needed in Canada and the US to protect bank customers.
"Laws in Canada and the US are behind when it comes to requiring financial institutions to take certain steps … [to prevent] this kind of thing, "Vilfer said.
In September 2018, McLeod was eager to make an offer at a condo in Rancho Mirage, California – north of Palm Desert.
He asked Cidel to send a deposit to a California bank account and wait for instructions on a balance of US $ 619,000 ($ 820,000 Cdn).
A few weeks later, an email that allegedly came from the sales agent handling the sale, said that the balance had to be given to another bank – Chase Bank in Denver, Colo.
Although his escrow agent had warned him, two months earlier, of a sudden change, McLeod said the warning was forgotten in a push to close the deal.
The seller, he said, was a billionaire. "So it makes sense that he turns in several places."
McLeod sent new instructions to his contacts at Cidel.
But the email was not from his partner, Brady Sandahl. It was from a new e-mail address, made by fraudsters who changed the last two letters of the Sandahl name so that, at first glance, it looked legitimate.
When the email arrives at Cidel, it appears the bank's email server flags it, pasting "IMPRESSED MESSAGE" on the subject line.
Despite the warning, a bank employee sent an e-mail to the fraudster, asking for the address of the bank account holder – adding senior Cidel and McLeod employees to the email thread.
McLeod said his excitement about condos made him better. He did not see e-mails being flagged, and, he said, had no prior experience sending money to other countries.
"I don't do this every day. This is something completely new to me," he said.
"My wife said, 'You want it too much, you ignored the red flag.'
McLeod and his wife allow transfers. The money fell to Denver, where fraudsters quickly moved most of it to the Bank of China in Hong Kong.
A few days later, when McLeod asked about the next steps, it became clear that he was a victim of fraud.
"I don't think this is possible," he said. "It's impossible."
Chase Bank was able to keep US $ 26,000 from being transferred, and the money was returned to McLeod.
McLeod hires Vilfer to investigate. Since leaving the FBI more than a decade ago, Vilfer has testified in more than 100 cases, often providing expert testimony about digital forensics in cases involving wire fraud.
"This is very beneficial for fraudsters when they can do it," he said. "We have one client who lost $ 14 million – and they are [fraudsters] do this all day long. "
In his report to McLeod, Vilfer said the broker's email account might be compromised and recommended further analysis of the broker's device and account.
"With this type of email piracy fraud, in my experience, a broker or mortgage broker is the target," he wrote.
Sandahl did not respond to calls for comments from Go Public.
The problem of millions of dollars
This case is an example of what researchers call "business email compromise" – a type of wire fraud that targets businesses and their customers. Typically, fraudsters hack into business email accounts and disguise themselves as senders, instructing customers to divert money.
Go Public recently investigated this type of fraud, and spoke with a Toronto area businessman who lost nearly $ 3,000.
Compromised business email – especially in the real estate sector – caused an estimated loss of US $ 12 billion over the past five years, according to the FBI. Such fraud was reported in 150 countries, and all 50 U.S. states.
Vilfer said McLeod's bank – Cidel – should stop fraud.
"You have a flag in the e-mail that is a suspicious message," Vilfer said. "And with this kind of deception that is so prevalent … which certainly causes some kind of alarm, to look further at this and see why this is marked?"
"Good technology … apparently ignored," he said.
In a claim statement against Cidel, McLeod's lawyer, Brett Code, accused the bank's actions "represent a clear departure from the standard of care required, and constitutes a major omission."
He sought full compensation for the loss of McLeod.
No charges have been proven in court and Cidel has not yet responded to the claim statement.
In one of two e-mails to McLeod, Cidel CEO Craig Rimer wrote: "We are very sorry you have to go through this terrible experience and for the financial loss you have experienced."
However, he writes, Cidel has no obligation to replace McLeod.
In the second one-line e-mail, Rimer blamed McLeod for wire fraud, writing, "The introduction to the e-mail address came from you and you authorized the transaction after many commutes between them. [fraudsters] and you."
Rimer refused to be interviewed but sent a statement to Go Public saying, "We act according to written instructions and are signed from a wire sent to us by our clients."
He will not spell out what policies exist in the bank when it comes to making wire transfers, but writes that Cidel acts with full compliance with all industry standards and that the bank will continue to assist its clients in recovering funds from "unscrupulous third parties."
Better protection is needed
There is no law in Canada or the US that requires financial institutions to confirm the identity of the bank account holder who received a wire transfer to prevent fraud and protect customers.
This is considered a best practice for banks to confirm that they send client money to the right destination, but Vilfer – a former FBI agent – thinks that it needs to be legal.
"We only rely on banks to do the right thing," he said. "It would be a good idea for the United States and Canada to tighten legal requirements; require policies to protect against fraud of this kind."
The largest insurance company in the U.S. bank, ABA Insurance Services, said recently that it was "important" that banks begin making telephone calls to authenticate wire transfers, among other procedures.
McLeod knew that his lawsuit against Cidel could drag on for years.
"If I don't win this, I throw good money after bad," he said. "And they can last longer than me. I'm 75 years old."
He also transferred his remaining assets to another management company.
Submit your story idea
Go Public is an investigative news segment on CBC-TV, radio and the web.
We tell your story, explain mistakes, and hold responsible power.
If you have news for public use, or if you are an insider with information, contact GoPublic@cbc.ca with your name, contact information, and a brief summary. All emails are confidential until you decide to go public.
Follow @CBCGoPublic in twitter.