(Photo: Bigstock)

An insurance company has sued a Villa Rica attorney and alerted the Federal Bureau of Investigation after more than a half-million dollars meant to settle a claim was misdirected to the lawyer’s trust account and vanished.

The missing money was part of $3.1 million settlement that ended up in the account of James “Jay” Davis III in what the complaint filed Monday in the U.S. District Court for the Northern District of Georgia described as a fraudulent scheme involving the lawyer and an unknown number of “John Doe” co-defendants.

More than $2.5 million was returned after Coface North America Insurance Co. discovered the alleged fraud, but Davis said there was nothing else left in his trust account, according to the suit.

The scheme purportedly involved an intercepted email, and the creation of a fake email account mirroring that of the insurer’s corporate client, except that its domain name ended in “.cf” rather than ”.com.” The .cf domain is used by websites in the Central African Republic.

Davis, whose website says he specializes in property, probate and family law, said in email that he could not discuss the case and that he had retained counsel.

“It's a contract matter against my firm gone awry on the part of the plaintiff in this case,” Davis said. “They're looking for someone to blame for the problem on their end.”

“I feel like I'm more of a victim in this matter than anything else,” Davis said.

The complaint offers no indication as to how Davis got involved or whether he willfully participated in the scam.

In an email attached to the complaint, Davis told Coface’s counsel last week that news of the mishandled funds was “distressing” and that his Interest on Lawyer Trust Account account had been emptied after reimbursing the insurer.

The email also said Davis contacted the State Bar of Georgia, which advised him to get a lawyer.

The attorneys representing Coface, Christopher Freeman and D. Barrett Broussard of Carlton Fields Jorden Burt in Atlanta, were not authorized to comment.

Coface is a global credit insurer that provides coverage for businesses whose customers cannot pay their bills.

According to its complaint, Coface agreed to pay about $3.1 million in December to settle a claim under a commercial trade credit policy. It sent an email on Dec. 18 requesting payment instructions from its insured, including wire transfer information for the client’s Citibank account.

The next day, Dec. 19, Coface received an email reply purportedly from its policyholder that included its original message in the email chain.

The message said “Please disregard the below bank details i sent you and check a attached Letter of authorization with our updated bank details for payment.” The grammatical and typographical errors are noted in the complaint.

Attached was a “Letter of Authorization and Declaration” saying “our bank account details which was provided for payment yesterday is undergoing its yearly audit and we cannot receive any payment with that account at the moment. Below is our ATTORNEY bank details for payment.”

The letter provided a Wells Fargo bank account in the name of “J. Davis - Attorney at Law IOLTA.”

The letter sported the policyholder’s corporate logo and the signatures of what appeared to be its CEO and two other corporate representatives.

Coface responded with a request for Davis’ tax information and was provided with his W-9 form, tax number and address, and then transferred $3,093,085 into his trust account.

Over the next several days, “the imposter(s) made inquiries with Coface’s representative regarding the status of the wire transfer. Coface responded that the wire had been sent as directed.”

On Dec. 31, the “imposter(s)” emailed Coface again, saying Davis had informed them the payment arrived.

The same day Coface learned the emails with its policyholder had been compromised and that, from Dec. 18 on, “emails were being received from and directed to an email that was identical in all respects to the email address of the actual policyholder representative, with the exception that ‘com’ had been replaced with ‘cf."”

On Jan. 1, Coface learned that its policyholder had also been sent a bogus email, purportedly from the insurer, in an effort to delay discovery of the scheme.

That message said, “Please note that we have received information from our account department that due to the holiday the payment will have some delay and it’s going to be received in your sic on the 4th of January.”

Coface immediately reported the scam to the FBI, Wells Fargo and Citibank, the complaint said.

On Jan. 3 Coface sent a cease and desist order to Davis demanding the return of its money. Wells Fargo credited $2,540,319 to the insurer’s account, but $552,766 remains unaccounted for.

In his Jan. 8 response email, Davis said Wells Fargo had transferred all of his IOLTA funds—including about $3,500 belonging to other clients—to the insurer and closed his account “because I received funds from your client as the source that reported fraud on that wire delivery.”

“I will need to figure out how to deal with that issue,” Davis wrote.

Coface’s lawyers demanded on Jan. 8 a “full accounting” by 3 p.m. the next day, which the complaint said has not been forthcoming.

“Coface has no knowledge as to whether any of the missing funds remain in the custody or control of one or more defendants,” it said.

The complaint names Davis and 1-50 John Doe co-defendants and includes counts for racketeering, computer fraud, common law fraud, conversion, and money had and received.

It also seeks an injunction and temporary restraining order “to prevent Davis from further concealing funds or divesting himself of funds and assets that would deprive Coface from the ability to recover the remaining funds that Davis has already acknowledged is owed to Coface.”