Contact

Cybercrime in South Africa - attorneys fall victim to cyber fraud

Back to top

Cybercrime in South Africa - attorneys fall victim to cyber fraud

The prevalence of cybercrime in South Africa is on the rise – confirmed by Acting Judge Klein in the recent judgment of Fourie v Van Der Spuy and De Jongh Inc. 2019 JDR 1801 (GP), who remarked on this while pronouncing on a case in which a law firm fell victim to hackers at the expense of their client.

18 Feb 2020 3 min read Technology. Media and Telecommunications Alert Article

In the Fourie case, the client of a law firm (the Applicant) applied to the High Court seeking an order for damages against two practicing attorneys and their law firm (the Respondents) after one of the attorneys (the Attorney) had erroneously transferred the Applicant’s funds out of the law firm’s trust account and into several bank accounts held by one or more unknown hackers.

The Attorney had previously acted for the Applicant and was holding the funds in the law firm’s trust account for the benefit of the Applicant, who had instructed the Attorney to retain the funds on his behalf. The Attorney subsequently received a number of emails purportedly sent from the email address of the Applicant, informing her of the “Applicant’s” new banking details and instructing payment of the funds into a number of bank accounts. The Attorney paid the funds as instructed, without verifying the new banking details with the Applicant. It was only after the Attorney had transferred the funds into the new bank accounts that it was discovered that one or more unknown hackers had hacked the Applicant’s email and provided the details of their own bank accounts – wherein the funds had erroneously been deposited by the Attorney.

The High Court said that “[t]he [Attorney] was negligent and failed to exercise the requisite skill, knowledge and diligence expected of an average practicing attorney and thus failed to discharge her fiduciary duty to the Applicant by transacting via e-mail whilst full-well knowing that fraud is prevalent in her profession and not employing any measures to ensure that neither she, nor the Applicant will fall victim to fraud.” The court rejected the Attorney’s defence that a fraud had been perpetrated which had released her from her duty to account to her client, and concluded that the Attorney was, in fact, liable for her negligence. The Respondents were held jointly and severally liable for the loss suffered by the Applicant, with the High Court ordering the Respondents to pay the loss suffered by the Applicant over to the Applicant with interest.

While the Fourie case primarily dealt with the principles concerning the nature of trust accounts and an attorney’s duty of care owed to his/her client, it highlights the potential damage that can be caused by cyber criminals. Given the nature of cybercrimes, it is unfortunate that the victims of these crimes are forced to litigate against each other while the actual cyber criminals get away with the money! These injustices will, however, be addressed with the South African National Assembly having passed the Cybercrimes Bill of 2018 (B 6B—2017) (the Cybercrimes Bill) in November 2018. The Cybercrimes Bill (although not yet enacted into law) aims to criminalise both hacking and cyber fraud – two separate offences which the hackers in the Fourie case would potentially have been charged with had they been identified and subjected to investigation by the South African Police Services (SAPS). The offence of hacking (referred to in the Cybercrimes Bill as “unlawful access”) carries a penalty on conviction of a fine (unspecified) and/or imprisonment for a period not exceeding five years whilst a conviction on a charge of cyber fraud grants the court a discretion to impose a penalty that it deems appropriate under section 276 of the Criminal Procedure Act 51 of 1977.

Given the inadequacy of the current regulatory regime applicable to cybercrimes in South Africa, the Cybercrimes Bill is a beacon of hope for victims of cybercrime such as the Applicant and the Respondents in the Fourie case. The enforcement of such law by the SAPS and prosecuting authorities (once the Cybercrimes Bill is enacted) will, however, be pivotal in bringing cyber criminals to justice.

The information and material published on this website is provided for general purposes only and does not constitute legal advice. We make every effort to ensure that the content is updated regularly and to offer the most current and accurate information. Please consult one of our lawyers on any specific legal problem or matter. We accept no responsibility for any loss or damage, whether direct or consequential, which may arise from reliance on the information contained in these pages. Please refer to our full terms and conditions. Copyright © 2024 Cliffe Dekker Hofmeyr. All rights reserved. For permission to reproduce an article or publication, please contact us cliffedekkerhofmeyr@cdhlegal.com.

You might also be interested in

21 Sep 2023

by Alex Kanyi and Joan Kamau

Draft Medium-Term Revenue Strategy

On 15 September 2023 the Government of Kenya published the draft Medium-Term Revenue Strategy (MTRS) for the financial years from 2024/25 to 2026/27, which aims to raise sufficient resources for the implementation of the Government’s priority programmes under the Bottom-Up Economic Transformation Agenda by providing a comprehensive approach of undertaking effective tax system reforms to boost tax revenues and improving the tax system over the medium term.

Tax & Exchange Control

7 min read

24 Jul 2023

by Vivien Chaplin, John Gillmer, Haafizah Khota and Menachem Gudelsky

New accountable institutions beware: Deadline ahead for submission of a risk and compliance return

On 31 March 2023 the Financial Intelligence Centre (FIC) issued Directive 7 in terms of section 43A(3)(a) of the Financial Intelligence Centre Act 28 of 2001 (FIC Act). Directive 7 makes it mandatory for a specified list of accountable institutions to submit a risk and compliance return to the FIC by 17h00 on 31 July 2023.  

2 min read

19 Jan 2024

by Njeri Wagacha

Njeri Wagacha talks to Catherine Igathe

Njeri Wagacha talks to Catherine Igathe, Managing Director and Founder of Ortus Solutions Group Ltd.

53:02 Minutes

11 Apr 2024

by Puleng Mothabeng

Don’t kill my dream: I promise to comply with my tax obligations

“ Nothing is certain but death and taxes .” This infamous proverb confirms the obligation that we all have to pay tax – in some way or another. However, how many of us are actually aware of this obligation and how to go about discharging it?

Tax & Exchange Control

8 min read

12 Oct 2023

by Alex Kanyi

Comments on the Draft Medium-Term Revenue Strategy (MTRS)

CDH Kenay Partner Alex Kanyi discusses the Draft Medium-Term Revenue Strategy.

Tax & Exchange Control

1:00:59 Minutes

29 Jan 2024

by Jose Jorge and Alex van Greuning

Erroneous payments to employees: Is a deduction from salary a contractual breach?

On 17 January 2024, the Supreme Court of Appeal (SCA) handed down an interesting judgment in Mhlontlo Local Municipality and Others v Ngcangula and Another (1154/2022) 2024 ZASCA 5 (17 January 2024) that, amongst other things, dealt with the concurrent jurisdiction of the Labour Court and the High Court to determine a matter related to a contract of employment, and clarified whether an erroneous payment made by an employer over a period becomes a term and condition of employment.

Employment Law

6 min read

This website uses cookies to enhance the browsing experience. For more information, please see our Cookie Policy.

Accept Decline