{"id":1151,"date":"2023-01-17T07:34:37","date_gmt":"2023-01-17T07:34:37","guid":{"rendered":"https:\/\/www.innov8fs.co.za\/blog\/?p=1151"},"modified":"2026-03-18T11:46:27","modified_gmt":"2026-03-18T11:46:27","slug":"africas-biggest-law-firm-was-just-nailed-for-not-stopping-a-r5-5-million-hack-with-r2000-a-month","status":"publish","type":"post","link":"https:\/\/www.innov8fs.co.za\/blog\/2023\/01\/17\/africas-biggest-law-firm-was-just-nailed-for-not-stopping-a-r5-5-million-hack-with-r2000-a-month\/","title":{"rendered":"Africa\u2019s biggest law firm was just nailed for not stopping a R5.5 million hack \u2013 with R2,000 a month"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-1152\" src=\"https:\/\/www.innov8fs.co.za\/blog\/wp-content\/uploads\/2023\/01\/3b77af99fac04b0fa4682df457bb97f8.jpg\" alt=\"\" width=\"1024\" height=\"682\" srcset=\"https:\/\/www.innov8fs.co.za\/blog\/wp-content\/uploads\/2023\/01\/3b77af99fac04b0fa4682df457bb97f8.jpg 1024w, https:\/\/www.innov8fs.co.za\/blog\/wp-content\/uploads\/2023\/01\/3b77af99fac04b0fa4682df457bb97f8-300x200.jpg 300w, https:\/\/www.innov8fs.co.za\/blog\/wp-content\/uploads\/2023\/01\/3b77af99fac04b0fa4682df457bb97f8-768x512.jpg 768w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/p>\n<ul>\n<li><strong>ENSafrica failed in its duty of care when it failed to warn a house buyer about the threat posed by hackers, says a judge.<\/strong><\/li>\n<li><strong>Judith Hawarden lost her millions after hackers changed the bank account number in a PDF emailed by the law firm.<\/strong><\/li>\n<li><strong>Cyber security at ENS could have been beefed up for as little as R2,000 a month, witnesses told the Johannesburg high court.<\/strong><\/li>\n<\/ul>\n<p dir=\"ltr\">Africa\u2019s largest law firm has been ordered to pay R5.5 million to a woman who fell victim to a syndicate that hacked her email during a property purchase.<\/p>\n<div data-adname=\"outstream\" 
data-adzone=\"\/8900\/24.com\/web\/businessinsider\" data-sizes=\"[[550,309],[632,115],[300,250],[336,280]]\" data-isfluid=\"true\" data-outofpage=\"false\" data-targets=\"{&quot;pagetype&quot;:&quot;article&quot;,&quot;breadcrumb&quot;:&quot;businessinsider\/trending&quot;,&quot;Companies&quot;:&quot;ensafrica&quot;,&quot;Topics&quot;:&quot;online 
security,judgements&quot;,&quot;Prime&quot;:&quot;n&quot;,&quot;accreditation&quot;:&quot;Business Insider SA&quot;,&quot;artid&quot;:&quot;6e7cc107-a661-4642-b24f-5a8d0a650ec6&quot;,&quot;template_type&quot;:&quot;Article&quot;,&quot;adname&quot;:&quot;outstream&quot;,&quot;posno&quot;:&quot;1&quot;,&quot;pos&quot;:&quot;1&quot;,&quot;Subscribed&quot;:&quot;n&quot;,&quot;PayU&quot;:&quot;n&quot;,&quot;Registered&quot;:&quot;n&quot;,&quot;Suspended&quot;:&quot;n&quot;,&quot;user_type&quot;:&quot;Anonymous&quot;,&quot;is-lifestyle&quot;:&quot;true&quot;,&quot;section&quot;:&quot;businessinsider&quot;,&quot;live&quot;:&quot;false&quot;,&quot;platform&quot;:&quot;desktop&quot;,&quot;pagename&quot;:&quot;https:\/\/www.businessinsider.co.za\/ensafrica-hit-for-bad-online-security-that-cost-a-house-buyer-r55-million-2023-1&quot;,&quot;t_ref&quot;:&quot;m24&quot;}\" data-isrefreshenabled=\"false\" data-google-query-id=\"CO7vo6WLzvwCFVI0cgodboMCQQ\">\n<p dir=\"ltr\">The hackers changed the bank account number in a PDF emailed to Judith Hawarden by ENSafrica, which was handling the conveyancing of a Johannesburg house she was buying from its client.<\/p>\n<p dir=\"ltr\">Instead of landing in the law firm\u2019s trust account, Hawarden\u2019s money ended up in the account of one of the hackers, and swiftly disappeared.<\/p>\n<p dir=\"ltr\">After the discovery of the fraud, ENSafrica wrote to Hawarden demanding the money a second time, and she sued the bank for failing in its duty of care by negligently failing to warn her about the dangers of hacking or taking precautions to prevent it.<\/p>\n<p dir=\"ltr\">Three-and-a-half years later, the Johannesburg high court ruled in favour of Hawarden on Monday, ordering the firm to pay her R5.5 million plus interest and the costs and fees of two expert witnesses.<\/p>\n<p dir=\"ltr\">Judge Phanuel Mudau said even one of ENSafrica\u2019s own experts admitted in court that the firm could have done much more to avoid the fraud, and it 
could have cost as little as R2,000 a month to implement a technical solution.<\/p>\n<p dir=\"ltr\">\u201cBut for the negligent transmission of its account details and failure to warn Hawarden upfront of the inherent danger of business email compromise, she would not have suffered the loss,\u201d he said.<\/p>\n<p dir=\"ltr\">\u201c[ENS] was an expert conveyancer and was facilitating and managing the transaction. The risk of loss to Hawarden was highly foreseeable by ENS.\u201d<\/p>\n<p dir=\"ltr\">Mudau dismissed the law firm\u2019s argument that a ruling in Hawarden\u2019s favour would expose all conveyancers to claims of the same kind by third parties with whom they have no relationship.<\/p>\n<p dir=\"ltr\">\u201cENS owed at least a general duty of care to \u2026 Hawarden,\u201d he said. \u201c[This] arose from the moment it accepted the brief to act as conveyancer in the transaction. [She] depended on [ENS] to act professionally.\u201d<\/p>\n<p dir=\"ltr\">Even though evidence in court showed that in 2019 it was a \u201cnear-universal\u201d practice for conveyancers to send their banking details by email, \u201cit does not absolve [ENS] of its unsafe behaviour\u201d.<\/p>\n<p dir=\"ltr\">The firm obviously knew better, said Mudau, because its trust account investment mandate &#8211; sent to Hawarden after she made the R5.5 million payment but before the fraud was detected &#8211; \u201ccontained several warnings about business email compromise and precautions to be taken against it\u201d.<\/p>\n<p dir=\"ltr\">Mudau also made a punitive costs award against ENSafrica for including in its court files numerous documents from Hawarden\u2019s laptop that had no relevance to the case, and for breaching agreements not to take copies of these documents when it had access to her computer during the discovery process. 
He said this was \u201cegregious\u201d behaviour.<\/p>\n<p dir=\"ltr\">Hawarden\u2019s ordeal began when she divorced in 2019 and her husband gave her R6 million towards the purchase of a home as part of the settlement.<\/p>\n<p dir=\"ltr\">After deciding on a house in Forest Town, she paid a R500,000 deposit to Pam Golding Properties in May. Three months later, the hackers began to intercept her emails with ENS conveyancing secretary Eftyhia Maninakis, one of which had a PDF attachment with the firm\u2019s bank account details.<\/p>\n<p dir=\"ltr\">She made the R5.5 million payment on August 22 from the Rosebank branch of Standard Bank. \u201cThe beneficiary bank, namely FNB, was unable to retrieve the misappropriated funds,\u201d said Mudau.<\/p>\n<p dir=\"ltr\">ENS\u2019s letter the following month requesting a replacement payment contained a warning urging Hawarden to telephonically verify the firm\u2019s banking details before making the payment, and it emerged in court that this had been added in response to the August fraud.<\/p>\n<p dir=\"ltr\">Anton van &#8216;t Wout, an expert in digital forensics who testified on Hawarden\u2019s behalf, gave a demonstration in court which Mudau said \u201cshowed the ease with which an email and PDF attachments could be spoofed and altered, the inherent insecurity of email, and alternative, safer ways of communicating sensitive information, including using a secure portal in conjunction with two-factor authentication\u201d.<\/p>\n<p dir=\"ltr\">Attorney Mark Heyink, who specialises in IT law and organisational security safeguards, told the court that ENS\u2019s witness statements revealed \u201cinadequate awareness\u201d among its staff of business email compromise.<\/p>\n<p dir=\"ltr\">When she testified, Maninakis said she did not know PDFs could be manipulated until Hawarden\u2019s loss occurred, and Mudau said this showed her training and awareness of the dangers of hacking were \u201chopelessly inadequate\u201d. 
ENS conveyancer Arshaad Carrim said he could not recall receiving training in cyber security.<\/p>\n<p dir=\"ltr\">\u201cViewed objectively, [Hawarden] cannot be faulted for placing her trust in [ENS], which she knew was a very large and reputable law firm,\u201d said Mudau. \u201cOn her version, which I accept and cannot fault, she did not think she needed to seek advice as she was dealing with a law firm whose reputation went before it.<\/p>\n<p dir=\"ltr\">\u201cHer case established clearly that sending bank details by email is inherently dangerous, and so must either be avoided in favour of, for example, a secure portal, or must be accompanied by other precautionary measures like telephonic confirmation or appropriate warnings which are securely communicated. Secure portals were available in 2019 and would have averted the fraud.<\/p>\n<p dir=\"ltr\">\u201cENS is best placed to understand and prevent business email compromise. Individuals in society are generally not as well-placed to respond to the ever-evolving threat of cyber crime, which is sophisticated and technical in nature.\u201d<\/p>\n<p dir=\"ltr\">In October 2021, the\u00a0Mail &amp; Guardian\u00a0reported that Bukelwa Kwinana,\u00a0Robert Asamoah and Thembani Maswanganyi\u00a0appeared in the Johannesburg specialised commercial crimes court in connection with the Hawarden fraud. They faced charges of fraud, forgery, uttering and contravention of the Prevention of Organised Crime Act.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>ENSafrica failed in its duty of care when it failed to warn a house buyer about the threat posed by hackers, says a judge. 
Judith&hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"class_list":["post-1151","post","type-post","status-publish","format-standard","hentry","category-innov8ions"],"_links":{"self":[{"href":"https:\/\/www.innov8fs.co.za\/blog\/wp-json\/wp\/v2\/posts\/1151","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.innov8fs.co.za\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.innov8fs.co.za\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.innov8fs.co.za\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.innov8fs.co.za\/blog\/wp-json\/wp\/v2\/comments?post=1151"}],"version-history":[{"count":1,"href":"https:\/\/www.innov8fs.co.za\/blog\/wp-json\/wp\/v2\/posts\/1151\/revisions"}],"predecessor-version":[{"id":1154,"href":"https:\/\/www.innov8fs.co.za\/blog\/wp-json\/wp\/v2\/posts\/1151\/revisions\/1154"}],"wp:attachment":[{"href":"https:\/\/www.innov8fs.co.za\/blog\/wp-json\/wp\/v2\/media?parent=1151"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.innov8fs.co.za\/blog\/wp-json\/wp\/v2\/categories?post=1151"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.innov8fs.co.za\/blog\/wp-json\/wp\/v2\/tags?post=1151"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}