Pretoria - A leading law firm has to pay R5.5 million to a client after she lost the amount when she thought she was transferring the money to the firm for a house she had purchased but had, in fact, fallen prey to cybercriminals.
Judith Harwarden was under the impression that the email she had received was from Edward Nathan Sonnenbergs Inc (ENS Attorneys) and that the bank account belonged to the firm. Only later did she discover it was a fraudulent message from cybercriminals purporting to be from the firm.
She turned to the Gauteng High Court, Johannesburg, in a bid to get her money back. The R5.5m she had transferred was the outstanding amount after she had purchased a house for R6m. Before that, she had paid R500 000 towards the purchase price.
It emerged that she had paid the R5.5m into a fraudulent account that was part of a “business email compromise” (BEC) perpetrated by an unknown cyber criminal.
Harwarden argued the law firm was negligent as it failed to warn her about the known risks of BEC before she transferred the money. She said the law firm should have taken the necessary safety precautions to safeguard against the risk of harm occasioned by BEC.
She purchased a property from a third party seller who appointed ENS attorneys as the conveyancer.
She said that when she received an email from the law firm’s representative, on the firm’s letterhead, she believed she was paying the money to ENS Attorneys.
Unbeknown to Harwarden, her email account was hacked and the email containing the ENS account details was intercepted by an unknown fraudster and altered to reflect the fraudster’s bank account details. This resulted in the funds, transferred electronically, being deposited in the fraudster’s bank account as opposed to the ENS account.
Notwithstanding the discovery of the fraud, the law firm called on her to make payment of the balance of the purchase price, as it did not receive the money as per the sale transaction.
The parties were unable to resolve the impasse, resulting in Harwarden instituting action against the law firm for her loss of R5.5m as a result of the cyberfraud.
The evidence at trial established that the law firm was aware of the risks of BEC before the fraudulent incident and had failed to warn Harwarden of the known risks of email and pdf manipulation. Nor did it advise her of precautions that could be taken.
It was not in contention that BEC attacks were rife, especially in the conveyancing industry. Judge TP Mudau said ENS Attorneys owed at least a general duty of care to a purchaser of property. The near-universal practice for conveyancers to send their banking details by email did not absolve ENS of its unsafe behaviour.
The judge said Hawarden could not be faulted for placing her trust in ENS, which she knew was a large and reputable law firm. ENS was the proximate cause of the loss in that it provided its own bank account details and was responsible for the accuracy and safety of the transmission.
It was in the interest of society to demand that a legal duty was recognised in the case, he said. “ENS is best placed to understand and prevent BEC. Individuals are generally not as well-placed to respond to the ever-evolving threat of cybercrime, which is sophisticated and technical in nature.”
Pretoria News