top of page
Search

CYBER CRIME AND EMAIL INTERCEPTIONS: HOW TO AVOID FRAUDSTERS

Definition of Cybercrime: criminal activities carried out by means of computers or the internet, which include illegally accessing a computer system or intercepting data.

 

Definition of Business Email Compromise (BEC): an exploit in which an attacker obtains access to a business email account and imitates the owner’s identity, in order to defraud the company and its employees, customers or partners.

 

Abbreviations:

BEC – Business Email Compromise

ENS – Edward Nathan Sonnenberg Inc.

SCA – Supreme Court of Appeal

 

On the 10th of June 2024, a significant judgment was handed down by the Supreme Court of Appeal (SCA) in Edward Nathan Sonnenberg Inc v Hawarden (Case No 421/23) [2024] ZASCA 90 (10 June 2024) which sheds some light on the nuanced issue of liability and the risks involved when falling prey to cybercrime.

 

The core issue before the SCA revolved around whether Ms. Hawarden (Respondent) had satisfied the criteria for proving wrongfulness in her delictual claim for pure economic loss. The case unfolded from a property transaction in which Ms. Hawarden, the respondent, fell victim to cybercrime.

 

In May 2019, Ms. Hawarden purchased a property and made a deposit into the trust account of Pam Golding Properties (Pty) Ltd, the estate agent involved in the transaction. Subsequently, during communication with ENS, the conveyancing law firm for the property transfer, Ms. Hawarden's email was unlawfully intercepted by a perpetrator of BEC. The criminal manipulated the email correspondence by replacing the banking details with fraudulent particulars, removing warning letters, and leading Ms. Hawarden to transfer the balance of the purchase price into the fraudster's account.

 

Ms. Hawarden could have easily avoided falling prey to BEC by using one or more of the following preventative measures PRIOR to making payment:

 

1)     Verify unexpected requests for payment by contacting the sender thereof;

2)     Double-check sender details, such as the email address (by clicking on the name to

reveal the address), or call the sender to confirm the banking details telephonically;

3)     Refrain from sharing sensitive information or making financial transactions based solely

on email instructions; and

4)     Ensure that she remains aware that BEC perpetrators is a real and prevalent risk in

industries where payments are generally dealt with via email.

 

It is worth highlighting that one of the most common ways of achieving business email compromise is by creating an email address that is very similar to that of the real sender of banking details, such as removing or adding a single character to the email address, and tricking receivers into overlooking the minor change in their daily hustle and bustle.

 

As a recourse, Ms. Hawarden instituted legal action against ENS for failing to warn her about the risks involved in BEC, wherein she initially succeeded in the Gauteng Division of the High Court, Johannesburg. ENS, with the necessary leave of the High Court, appealed the matter to the SCA, wherein the latter had quite the different approach. The SCA noted that common law dictates that economic loss due to an omission does not automatically ensue liability. Since there was no attorney-client relationship at the time of loss, ENS could not be held liable. Acting Judge of Appeal FBA Dawood highlighted Ms. Hawarden’s awareness of BEC risks, due to her previous payment interaction with the estate agent, wherein the same was cautioned. Despite being informed of caution, Ms. Hawarden failed to verify ENS’s banking details, which led the SCA to hold her responsible in neglecting to protect herself. This led to the SCA absolving ENS of any responsibility and set the initial High Court order aside, with costs.

 

In conclusion, the SCA's decision serves as a reminder that individuals must take reasonable steps to safeguard themselves against known risks, particularly in the current age of cybercrime. This case underscores the importance of vigilance and due diligence in transactions involving sensitive financial information, ultimately highlighting the crucial role of personal responsibility in mitigating risks and losses.

 

At VST Attorneys, we prioritize mitigating the risk of cybercrime by employing comprehensive strategies, such as encrypted banking documentation being sent in separate correspondence, together with authentication features such as password protected statements being sent directly to the contracting party.

 

Contact us today for your trusted legal advice.


Written by: PW van Der Westhuizen (CA)

Edited by: AJ Truter (director)



53 views0 comments

Comments


bottom of page