(011) 463 5580
Mon - Thurs 08:30-16:30 | Fri 08:30-16:00
Call Now

It’s phishing season and there is a lot on the line

Phishing is a type of “Business Email Compromise” or BEC (an electronic scam), where a hacker is able to intercept correspondence, usually emails, and either mislead/redirect one or more of the parties to clicking on links or websites or ever-so-slightly changing information in the correspondence that may appear as though it comes from a trusted source but has in fact been altered to further the ends of the duplicitous fraudster. An example of this, as illustrated in the recent SCA case of Hawarden v ENS would be where a hacker amends the banking details of one party from the true information, to reflect their own.

In Hawarden, the court had to consider whether ENS could be delictually liable for the pure economic loss suffered by Hawarden in a conveyancing transaction. Hawarden had purchased immovable property from a third-party seller, who had appointed ENS as the conveyancer. During the course of the transaction, a hacker intercepted the correspondence between Hawarden and ENS. The hacker sent correspondence to Hawarden in which the hacker had changed ENS’s bank details to their own for the purpose of receiving, fraudulently, the purchase consideration for the property.

The court, in considered the testimony of both parties, and focus, due to the nature of the claim,  centered on whether or not ENS owed a duty to Hawarden to not only warn her of the increasing nature of these types of scams; but also to implement certain protocols to prevent them altogether.

Finding for Hawarden, the court held that a party to a contract must uphold their responsibilities and obligations under an agreement and can be held liable for any losses or damages resulting from their failure to do so. The court held that ENS had did owe a duty of care to Hawarden and had accordingly breached this duty breached, thus being the proximate cause of the economic loss suffered.

The court found that ENS had failed to warn Hawarden of the potential risks and were all times in control of the ways in which bank details were conveyed. The court noted further that even though it is a very common practice for conveyancing firms to transmit banking details via email, “It does not absolve the defendant of its unsafe behaviour, which it knew at the time was unsafe and knew to take precautions against. It is not as if the defendant did not know better.” The court found that an individual or company is required to act with a certain level of care, exercise reasonable diligence and effort, and maintain appropriate safety measures in order to fulfill upon their contractual obligations.

The court ordered ENS to pay the defrauded amount to Hawarden; an amount of R 5 500 000.00.

This case illustrates the importance of upholding the duties and obligations that are borne of any contractual agreement. In matters such as this, and as expressed by the court, there are very simple measures that can and should be put in place to prevent such losses from arising. Some such measures that would be expected of anyone to a contractual agreement would include:

  • Implemented password-protection on sensitive documents. This can easily be achieved through a variety of software.
  • Advising customers of the risks that exist and drawing attention to the type of behaviors that hackers will attempt to copy. It is common practice for firms to state in their email signatures that they will NOT notify customers of a change in bank details via email.
  • Pay close attention to detail – in Hawarden, the hacker misspelled the word ‘Africa’ in their fraudulent correspondence. There are always small details that the hacker cannot overcome, and a sharp eye could save a would-be victim a world of pain. When in doubt, call the other party just to make sure.

This case illustrates how important it is to evolve with the times such that where novel problems present themselves, equally inventive solutions must be applied; lest we fall for these scams hook, line and sinker.