A Pretoria law firm has appealed a high court decision that it still owes a client R1,744,599.45 plus interest, even though it had already paid R1.7m into what later appeared to be a fraudulent account due to hacking.
Law firm Van der Spuy and De Jongh was used by businessman Johan André Fourie as conveyancers in a property transaction.
They kept almost R4m, relating to the transaction, in an investment account as requested by Fourie.
At some point the firm received an email from the client's email address, supplying them with "new bank details". Subsequently the firm also received six requests to pay amounts - varying from R285 000 to R750 000 - from the money held into the client's new bank account.
It was only during a later phone conversation between attorney Nicola van der Spuy and Fourie that she happened to mention the amounts he had requested to be paid over.
That was when the fraud was discovered. It turned out the client's email had apparently been hacked and hijacked. It was possible to only get back two of the amounts the firm had paid over into the fraudulent account.
Van der Spuy told Fin24 on Monday that they regard the high court judgment by acting judge Matthew Klein, ordering them to still pay Fourie R1.7m plus interest, as unfair.
"It was our client's email that was hacked, not ours. Our client was negligent to have had someone hack his email. We were not negligent," said Van der Spuy.
"I had worked with this client before and his instructions always came via email."
Van der Spuy says Fourie claims some of the emails the firm received indeed came from him - but some not. Yet, Fourie refused to allow the attorneys to check his laptop once the fraud came to light in order to try and see how and why his email was hacked.
Klein found that, if Van der Spuy had simply ascertained from Fourie whether the new bank details were correct, "the fraud would not have happened".
"One can actually assume that all the Fica documents (were) false, all account holders untraceable," Klein states in his judgment.
"It is abundantly clear from the facts that no verification process was followed and that the firm would have to carry the loss, not the applicant."
Klein further points out that the rate at which cybercrime occurs makes the internet "a very unsafe working area".
"Perhaps a time will come when monies will be transferred in the presence of a client, client will have to waive the nicety of EFT's being done without client being present, alternatively client being phoned," he states.
"However, it is not the function of the court to make plans how to curtail the absolute low-minded, yet deceptive cyber criminals."
In his view, it is perhaps time that attorneys not accept email notifications concerning banking details from any client.
He also noted that attorneys in SA have been warned as far back as 2017 that "cyber related risks are on the increase and attorneys must ensure they have adequate risk mitigation or avoidance measures in place to deal with cyber related risks".
Therefore, he found Van der Spuy negligent and having "failed to exercise the requisite skill, knowledge and diligence expected of an average practising attorney".
In July this year Fin24 reported that hack attacks, ransom threats and theft of money through fraudulent transactions were becoming a stark reality for legal professionals and law firms around the world. Samantha Varela of Aon South Africa commented that conveyancing attorneys specifically are in the sights of cyber criminals.