Appeal court overturns cyber crime ruling
This is a clear message to verify bank account details before paying
The Supreme Court of Appeal has overturned a High Court ruling finding that leading law firm Edward Nathan Sonnenbergs was liable to pay a woman R5.5-million stolen by fraudsters who manipulated emails sent from the firm. Photo: Ben Bezuidenhout via Wikimedia (CC BY-SA 4.0)
- A woman paid R5.5-million to what she thought was the conveyancing law firm for a property she bought.
- But she had been scammed; the email soliciting payment from her was not from the law firm, and the money had been paid into the account of the scammers.
- At the High Court the law firm was found liable for the woman’s loss and was also ordered to pay punitive costs.
- But the Supreme Court of Appeal has overturned the High Court’s decision.
The Supreme Court of Appeal (SCA) has overturned a High Court ruling that had found leading law firm Edward Nathan Sonnenbergs (ENS) liable to pay a woman R5.5-million stolen by fraudsters who manipulated emails sent from the firm.
In an unanimous decision, the appeal court said the liability finding by Gauteng High Court Judge Phanuel Mudau in the case brought by Judith Hawarden would have “profound implications”, not just for the attorney’s profession, but all creditors who send their bank details by email to their debtors.
Acting Judge Fathima Dawood, who penned the judgment, said the High Court’s reasoning that all creditors in the position of ENS owed a legal duty to their debtors to protect them from the possibility of their accounts being hacked, was untenable.
Because Hawarden’s case rested on pure economic loss, extending liability created a real danger of unpredictable, indeterminate liability.
Judge Dawood said Hawarden could have avoided the risk by verifying ENS’s account details, because she had previously been made aware of the risks of Business Email Compromise (BEC) fraud by the estate agency handling her property deal.
She had also elected to not pay ENS through a bank guarantee but through a cash transfer.
“She must in the circumstances take responsibility to protect herself against a known risk,” Judge Dawood said, upholding the appeal by ENS.
The court also set aside a punitive cost order against the law firm and instead ordered Hawarden to pay ENS’s costs.
The case centred around an email Hawarden received from what she thought was the law firm. The email contained details of the account into which she then paid R5.5-million. This was the balance of money owed for the purchase of a property in Forest Town, Johannesburg.
ENS had been appointed by the seller as the conveyancer.
But it emerged that the email had been sent by fraudsters, who then stole the money. Hawarden did not notice that the email had come from ensafirca.com, not ensafrica.com.
In her arguments, Hawarden claimed that ENS owed her a duty of care, and that in corresponding with her, it also had a legal duty to warn her of the danger of BEC, that this was on the increase and that it was already prevalent.
ENS denied liability, claiming that Hawarden herself had been negligent in using an electronic transfer without ensuring that the bank details were correct.
In the High Court, Judge Madau said while Hawarden was not a client of ENS, it owed her a general duty of care. He said ENS conveyed its bank account details to her through an unprotected email which was easily manipulated.
Hawarden, he said, could not be faulted for placing her trust in the firm and the risk of Hawardeen’s loss was “highly foreseeable” by the law firm.
But SCA Judge Dawood said Hawarden’s loss was not caused by ENS or a failure of their systems, but by hackers who infiltrated her email account and fraudulently diverted her payment for ENS into their own account.
Hawarden had been warned by the estate agent, Pam Golding Properties, about this very risk.
She had previously verified Pam Golding’s bank account details and she had not explained why she did not verify ENS’s bank account details.
“Moreover, any warning by ENS of the risk of BEC would have been meaningless, in the circumstances of this case, because by that time the cyber criminal was already embedded in her email account.”
Judge Dawood said there was no reason to shift responsibility for her loss to ENS, and the appeal must succeed.
In the High Court, Judge Madau awarded punitive costs against ENS for breaching Hawarden’s privacy by including irrelevant documents about her divorce and other investments in the court papers.
The SCA has also set this aside, and ordered that Hawarden pay ENS’s costs on a normal scale.
Next: Radiation therapy graduates unplaced for six months by health department
Previous: These Inanda families have to walk to a primary school to use the toilet
© 2024 GroundUp. This article is licensed under a Creative Commons Attribution-NoDerivatives 4.0 International License.
You may republish this article, so long as you credit the authors and GroundUp, and do not change the text. Please include a link back to the original article.
We put an invisible pixel in the article so that we can count traffic to republishers. All analytics tools are solely on our servers. We do not give our logs to any third party. Logs are deleted after two weeks. We do not use any IP address identifying information except to count regional traffic. We are solely interested in counting hits, not tracking users. If you republish, please do not delete the invisible pixel.