Phishing e-mail: Liability risk for GmbH managing directors?

If managing directors fall into a phishing e-mail trap, they are not always liable for any damage caused.

Falling for a phishing e-mail is annoying and can often prove expensive if you “accidentally” pay money to scammers. The managing director of a GmbH found this out first-hand – but was not liable to the company for the lost money (Zweibrücken Higher Regional Court, decision dated August 18, 2022, Ref: 4 U 198/21).

What exactly is a phishing e-mail?

Phishing is an attempt at fraud by electronic means. It frequently uses more or less convincingly falsified e-mail sender addresses that appear to belong to well-known people or companies (online retailers, online subscriptions, banks, etc.). Phishing attempts primarily occur in a private context but also occasionally in a business context.

In addition to strange e-mail addresses, the warning signs of a phishing attempt include

  • requesting confidential information,
  • an allegedly urgent need for action,
  • links to fake websites and
  • incorrect language.

The first thing you often notice about phishing e-mails is the poorly falsified e-mail address. But sometimes you do not …

Well-faked e-mails sent to the managing director

This was the case for the managing director of a GmbH: She received multiple phishing e-mails with requests for payment, supposedly from a business partner. Close examination would have revealed that the sender’s e-mail address ended not in the correct “…film.com” but in “…flim.com”. The e-mails were sent by unknown scammers.

The managing director did not notice the incorrect spelling and thought the sender of the e-mails was a business partner she knew. The sole shareholder of the GmbH, who received copies of all e-mail communication between the scammers and the managing director, also failed to notice anything amiss. In the end, the managing director made several smaller payments to the specified accounts, totaling a small six-figure sum.

When the scam was discovered, the GmbH demanded compensation from the managing director because the money was – of course – gone.

Managing director liability only covers specific breaches of duty

However, the company’s claim for damages against the managing director, based on the liability of managing directors and officers pursuant to Section 43 (2) of the Act on Limited Liability Companies (GmbHG), was unsuccessful. The court did not see in her conduct the required breach of specific management duties.

The accounting department is generally responsible for transferring money to a business partner. Breaches of duty when performing tasks that could have been performed by others in the company do not justify claims for damages pursuant to the liability of managing directors and officers.

No compensation for breach of contract

The company’s claim for damages due to breach of the employment contract, or for “unlawful acts” arising from the breach of an employee’s general contractual obligations, also failed. Overlooking the incorrect spelling represented minor negligence at the most and was, therefore, insufficient to justify general civil liability.

The reason: In this specific case, the managing director’s overall decision-making authority was, in fact, so limited that the mitigation of liability based on the principles of employee liability within the framework of internal compensation for damages applied to her. Under these principles, employees are not liable for breaches of duty in the employment relationship in the event of minor negligence.

Last, but not least, the sole shareholder received copies of the correspondence

The final decisive factor for the court was the fact that the sole shareholder of the GmbH received copies of the entire fraudulent e-mail communication. In this particular case, the court regarded this circumstance as tacit consent to the entire process. For a sole shareholder, as in this case, such consent is possible even without a formal resolution.

Summary of the key facts:

  • Managing directors are only liable in accordance with the principles governing the liability of GmbH managing directors and officers if their conduct breaches specific management duties.
  • In the case of managing directors who are subject to strongly binding instructions, the general civil liability for damages is mitigated by the principles of employee liability within the framework of internal compensation for damages.
  • As a consequence, these managing directors are only liable to the GmbH for breaches of specific duties as a managing body and in cases exceeding minor negligence.