| Authority: | High Court |
|---|---|
| Jurisdiction: | South Africa |
| Type: | Violation |
| Relevant law: | N/A |
| Outcome: | Violation |
| Started: | 2019 |
| Decided: | 16 January 2023 |
| Published: | 16 January 2023 |
| Fine: | R5.5 million |
| Parties: | Judith Hawarden v Edward Nathan Sonnenbergs (ENS) Inc |
| Case No.: | (13849/2020) |
| Appeal: | N/A |
| Original Source: | SAFLII.ORG |
| Original contributor: | MZIZI Africa |
Contents
Judith Hawarden (the “Plaintiff”) succeeded in suing ENS for the loss of R5.5 million because of a Business Email Compromise (BEC). The Plaintiff was an ENS’ client who wired money to the firm using account details provided in an email but unaware that the emails had been compromised. The court said that ENS owed a general duty of care to The Plaintiff because as a law firm, ENS was aware of the risk of business email compromises.
The Plaintiff agreed to purchase a property for R6 million and paid a R500,000 deposit into the real estate agency's trust account after verifying their banking details due to a BEC warning.
The seller then appointed ENS as the conveyancing attorney.
Ms. Hawarden then exchanged various written and verbal communications with Ms. Maninakis at ENS, primarily discussing the interest that Ms. Hawarden's money would earn in the ENS trust account. Maninakis subsequently confirmed that she could transfer the outstanding amount in cash directly to ENS.
Hawarden received an email from what appeared to be Maninakis’s email later that day - what she believed was a follow up to their earlier conversation.That email contained the firm’s bank account number, as confirmed by First National Bank.
What Hawarden did not notice was that the email address was from ensafirca.com - not ensafrica.com. She also neglected to confirm the banking details before transferring the remaining amount to the law firm responsible for the property transfer.
These written communications had however been intercepted and altered by fraudsters, specifically in relation to ENS's banking details. Consequently, in a BEC attack, hackers intercepted an email from the law firm, altering the banking details, causing Hawarden to mistakenly transfer R5.5 million to the hackers' account.
Despite efforts, the bank couldn't retrieve the funds.
The Plaintiff sued the law firm, arguing they failed in their duty of care by not warning her about BEC risks and sharing secure banking details prior to her payment.
The court ordered: