PropertyTime Logo
Don’t gamble with banking details via email

Don’t gamble with banking details via email

Electronic invoices and banking details received via email are commonplace. Do you confirm banking details by telephone? Do you double-check for changed account details? Are you wary of suspicious activity? For many, ignorance is bliss, with invoice and banking details taken at face value and payment made without thought to the potential cybercriminal lurking in the shadows. If this is you, read on about the dire consequences that could follow from such ignorance. 

The recent case of Edward Nathan Sonnenberg Inc. v Judith Mary Hawarden (421/2023) [2024] ZASCA 90 (10 June 2024) sounds like a resounding warning to all consumers to take precautions to ensure they don’t fall victim to increasingly clever cybercriminals.

In this case, Ms. Hawarden intended to pay the purchase price of a property to Edward Nathan Sonnenberg Inc. (ENS) unknowing that her email account had been hacked by cybercriminals. The email correspondence between herself and staff from ENS had thus been intercepted and the banking details to which payment of the purchase price should have been made were altered. Mrs Hawarden failed to confirm or verify these details before effecting payment and subsequently paid an amount of R5.5 million into the bank account of the “fraudsters”. This fraud was only uncovered later, and the money was unretrievable.

Ms Hawarden took the matter to the High Court where she was awarded R5.5 million against ENS. However, on the 10th of June 2024, the Supreme Court of Appeal (SCA) handed down a judgment overturning this High Court ruling and setting aside the order of the High Court.

When hearing the matter on appeal, the SCA considered whether the element of wrongfulness had been established for a successful claim arising out of the alleged omission of ENS to safeguard Ms Hawarden against cybercrime. The Court took into account multiple factors when considering the issue of wrongfulness including that Ms Hawarden was not a client of ENS; there was no contractual relationship nor attorney-client relationship in existence at the time of the incident; the loss resulted due to Ms Hawarden’s email account having been hacked; Ms Hawarden had been warned about the risk of cybercrime; and Ms Hawarden had failed to confirm or verify the banking details before making payment. The SCA concluded that although Ms Hawarden had ample means to protect herself, she had failed to take reasonable steps to mitigate the risk of cybercrime. 

It was further stated that the High Court’s view that creditors have a legal duty to protect debtors from potential cybercrime is “untenable”, and if upheld, would have serious implications for all creditors who send bank details to debtors via email. The SCA held that the judgement presented a real danger of indeterminate liability, referring to the case of Country Cloud Trading CC v MEC, Department of Infrastructure Development, Gauteng 2015 (1) SA 1 (CC) wherein the Constitutional Court stated that “if claims for pure economic loss are too-freely recognised, there is the risk of liability in an indeterminate amount for an indeterminate time to an indeterminate class”.

Ms Hawarden is one of many who have been targeted and victimised by cybercriminals. It is estimated that these criminals send around 3.4 billion seemingly trustworthy yet dangerous emails each day, which equates to over a trillion emails annually. The International Monetary Fund’s 2024 Global Financial Stability Report confirms the drastic increase in cyber incidents, stating that the size of losses incurred has more than quadrupled since 2017. The case of ENS v Hawarden emphasises why it is important for consumers to take precautions and implement reasonable steps to protect themselves against cybercrime, as those who are victimised may have no viable recourse to mitigate their loss.


Disclaimer: This article is the personal opinion/view of the author(s) and is not necessarily that of the firm. The content is provided for information only and should not be seen as an exact or complete exposition of the law. Accordingly, no reliance should be placed on the content for any reason whatsoever and no action should be taken on the basis thereof unless its application and accuracy has been confirmed by a legal advisor. The firm and author(s) cannot be held liable for any prejudice or damage resulting from action taken on the basis of this content without further written confirmation by the author(s). 

Source: SeymoreDuToit&Basson

15 Sep 2024
Author Pierre
Share
7 of 195