After yet another cyberfraud scam, the public have been reminded to make sure the banking details of recipients of money are correct before they pay over large amounts, after a woman lost R5.5 million to fraudsters.
Judith Hawarden thought she paid this amount over to the conveying attorneys after she bought a property, only to discover she was a victim of cyberfraud.
The high court earlier found leading law firm Edward Nathan Sonnenberg Inc liable to pay this amount back to her. But the law firm turned to the Supreme Court of Appeal, which ruled in its favour.
Hawarden purchased a property from a family trust for the sum of R6 million in May 2019. Pam Golding Properties, the estate agent mandated by the seller to market the property, sent Hawarden an email at the time, congratulating her on the purchase and asking her to deposit R500 000 into its trust account.
The email contained a notice that warned Hawarden of the ever-present risk of cybercrime, and advised her to call the agency to verify its banking details. Further warnings pertaining to email hacking, phishing and cyberscams appeared in the attached letter containing the banking details of the estate agent.
Hawarden effected payment of the deposit into the trust account of the agency after she verified the banking details telephonically with them.
Edward Nathan Sonnenberg (ENS) Inc, the trust’s appointed conveyancers, meanwhile prepared the documentation for submission to the deeds office, to effect the transfer and registration of the property into the name of Hawarden. She was copied in this correspondence.
In August 2019, an email was sent by a secretary in the property division of Edward Nathan Sonnenberg Inc to Hawarden with an attached letter setting out the necessary guarantee requirements (an actual letter containing the correct banking details of Edward Nathan Sonnenberg).
Unbeknown to both the secretary and Hawarden that letter was intercepted by a cybercriminal, who had some days earlier gained access to Hawarden’s email account.
The next day Hawarden received an email purporting to be from the secretary, setting out the guarantee requirements and furnishing Hawarden with Edward Nathan Sonnenberg’ banking details (a fraudulent letter containing banking details of the fraudsters).
In response to this letter, Hawarden telephoned the secretary to discuss the letter and asked whether, if the bank was unable to furnish the guarantees by September 3, 2019, she could elect to transfer the outstanding amount directly to Edward Nathan Sonnenberg.
The secretary confirmed that this could be done and said she would email two more documents to Hawarden, namely a letter to Standard Bank with guarantee requirements and a document from FNB providing the bank account details of Edward Nathan Sonnenberg for purposes of a direct transfer of the balance of the purchase price to Edward Nathan Sonnenberg.
The secretary then sent the email with attachments, including the guarantee requirements and the banking details of Edward Nathan Sonnenberg on an FNB letterhead as well as a letter from FNB warning of the dangers of cyber crime and fraud.
This email was not received by Hawarden. Instead, later that day she received an email that appeared to be a follow-up to her conversation with the secretary earlier that day. Hawarden failed to notice that the word “Africa” in the secretary's email had been changed to “Afirca.
She was unaware at that stage, and only subsequently learnt, that the email purporting to have been issued from the secretary, had been manipulated, the banking details of Edward Nathan Sonnenberg altered and the warning letter from FNB had been removed.
Hawarden subsequently effected a transfer into what she believed was the Edward Nathan Sonnenberg bank account.
In making the payment, she used the banking details provided in the fraudulent email and transferred the money into the fraudster’s FNB bank account, in the belief that she was making a payment into the banking account of Edward Nathan Sonnenberg.
Hawarden’s money was withdrawn in the period between the payment by EFT and her becoming aware of the fraud. The beneficiary bank, FNB, was unable to retrieve the misappropriated funds.
She instituted action against Edward Nathan Sonnenberg for the recovery of the R5.5 million. She claimed, among others, that Edward Nathan Sonnenberg and its authorised employees or representatives, who interacted with her in regard to the property transaction, owed her a legal duty to ensure that she does not fall victim to cyber fraud.
Edward Nathan Sonnenberg denied knowledge of the allegations and averred that if correspondence that it had sent or received was fraudulently intercepted, altered and forwarded to Hawarden, then unbeknown to it a hacker had gained access to Hawarden’s email account. The hacker had interposed himself or herself between Hawarden and those to whom she sent and from whom she received email messages, thereby altering her incoming and outgoing messages and their attachments.
Edward Nathan Sonnenberg specifically denied that its employees had a legal duty to advise Hawarden on the payment, which she made from and with the help of her own bank.
Edward Nathan Sonnenberg denied that its conduct was either wrongful or negligent and in the alternative pleaded contributory negligence.
The Gauteng High Court, Pretoria, however, earlier found that Edward Nathan Sonnenberg was liable to pay her back the money she had lost.
But Judge Fathima Dawood, in an unanimous judgment by the SCA, said a finding that Edward Nathan Sonnenberg was liable, would have profound implications, not just for the attorneys’ profession, but for all creditors who send their bank details by email to their debtors.
“The ratio of the high court judgment that all creditors in the position of Edward Nathan Sonnenberg owe a legal duty to their debtors to protect them from the possibility of their accounts being hacked is untenable.
“The effect of the judgment of the high court is to require creditors to protect their debtors against the risk of interception of their payments,” the judge said.
The high court should have declined to extend liability in this case because of the real danger of indeterminate liability, she said.
Pretoria News