Caught in the Web: How One Business Lost Almost R900 000 to Cybercrime
The Western Cape High Court has recently handed down judgment in a cybercrime case that highlights the growing sophistication and frequency of cybercriminal activities. Despite the increasing body of legal precedent addressing such incidents, cybercrime remains a pressing concern, particularly for businesses engaged in routine financial transactions.
The Facts of the Case
The parties involved in this case had enjoyed a business relationship dating back to 2014. Over the years, the Applicant consistently used the same banking details for all transactions. In October 2021, the parties entered into a sale agreement. The agreed payment of R886 726.25 was to be made after delivery, which occurred without delay.
Unbeknownst to the parties, a third party intercepted their email correspondence. Using fraudulent emails, the third party instructed the Respondent to pay into a different bank account, supposedly representing a change in the Applicant’s banking details. These fraudulent communications included convincing confirmations, which duped the Respondent into transferring the funds to the fraudulent account without verifying the legitimacy of the change.
It was only when the Applicant followed up on the outstanding payment that the Respondent realised it had been defrauded.
The Legal Dispute
The Respondent argued that the Applicant bore responsibility for the loss, asserting that the Applicant’s negligence allowed the third-party interception. However, the Applicant maintained that its email systems were secure and argued that the interception was outside its control.
At the heart of the case was a well-established legal principle: the debtor bears the obligation to ensure proper payment to the creditor. As the Respondent had not verified the alleged change in banking details, the Court held that the loss was the result of their negligence, not the interception of the email.
Court Ruling and The Broader Implications
The Respondent’s failure to verify the updated banking details was deemed the cause of the loss. The Court’s ruling serves as a stark reminder that trust, routine, and even established business relationships are not sufficient defences against the ever-present threat of cybercrime. The Court further reaffirmed that the debtor must seek out the creditor and ensure payment is made to the correct account, carrying the risk until payment is duly completed.
It is necessary for companies to ensure firm security protocols are in place in order to protect themselves from these risks. Even the most basic deterrents such as making a phone call to confirm new banking details, can make the difference between a successful transaction and a costly error.
Final Thoughts
This ruling stresses the critical need for vigilance in the digital age. Cybercriminals exploit complacency, trust, and routine to target businesses of all sizes. By fostering a culture of caution and verification, companies can protect themselves from becoming the next victim of sophisticated cybercrime.
So is this merely a cautionary tale or will you hear the call to action. Are your business processes robust enough to withstand the ever-growing threat of cybercrime?
Written by Garion Malherbe.
We trust that you found this article informative, please email info@hjwattorneys.co.za for assistance with all your legal queries.
This article is provided for informational purposes only and should not be substituted for legal advice on any specific matter. Any opinions expressed herein are subject to the law as at the time of writing and will change in accordance with any change in the law. We recommend that you contact HJW Attorneys & Conveyancers at info@hjwattorneys.co.za directly for advice applicable to your specific matter.