Due to the attractively large sums of money involved in property transactions, conveyancing attorneys and clients alike are becoming popular targets for cybercriminals and scammers. The increasing volume of communication exchanged between attorney and client via electronic means provides criminals with more opportunities to infiltrate the transaction.
South Africa has the third highest number of cybercrime victims in the world. According to the South African Banking Risk Information Centre (Sabric) Annual Crime Statistics report for 2018, digital crime increased by 4.9% from the previous year. Although there is legislation in place such as the Protection of Personal Information Act 4 of 2013 and Financial Intelligence Centre Act 38 of 2001 to name a few, it is imperative that firms are able to pre-empt these attacks by having proper policies and checks and balances in place to avoid any claims of negligence. The Legal Practitioners Indemnity Insurance Fund report over 110 cybercrime related claims with a total value of R70 million in the period July 2016 to August 2018.
Cybercrime fraudsters are becoming increasingly sophisticated in the way their scams are engineered. The fraudster sends a phishing-type email aimed at intercepting email correspondence to one of the parties and then monitors the progress of the transaction thereafter. Sometime before the payment due date, a fraudulent email is sent to either the conveyancing attorney or to the client from an email address that is eerily similar to the original senders’ email address, sometimes, only one syllable or symbol has been altered and is next to impossible to pick up if you are not looking for any discrepancies. In such emails, they alter the banking details to reflect their own and the proceeds from the sale of the property are then transferred into their banking account. It is virtually impossible to trace where these funds have gone.
Should the purchaser be deceived into paying into the incorrect banking account, they are often placed in a position where they are no longer financially able to perform in terms of the agreement. The purchaser could find themselves in breach of contract and liable for damages to the seller, over and above losing their money, they do not get the property they have purchased. A lose-lose situation all around.
Unfortunately, there is no way to eradicate fraudulent activity, and at this stage, prevention is better than cure! As conveyancing firms have increased their email security and payment verifications systems, the breach often occurs on free email servers used by purchasers and sellers making them an easier target. Here are some ways in which one can mitigate these kinds of attacks:
- Important documents should always be signed in person and verification of banking details completed
- Personally verify any banking details or change in payment instructions telephonically on a contact number you have used previously. Do not pay on any invoice without first verifying that the banking details are correct. Invoices are often tampered with by criminals.
- Do not just click reply to an email when sending sensitive information, create a new email and find the person you would like to send the email to and double check the details
- Any emails advising of a change of banking details should be viewed with suspicion unless you have confirmed the authenticity of the change
- Always update your security software
- Be on the lookout for communication that contains grammatical or spelling errors. Carefully check the email address. Immediately contact the firm of attorneys if you suspect that the e-mail does not emanate from their office.
- Always confirm payment immediately by sending proof of payment to the attorneys and ask for confirmation. When in doubt transfer a smaller sum to ensure that the funds are received, and then transfer the larger amount.
C & A Friedlander Attorneys are now a public recipient on ABSA, Nedbank, FNB and Standard Bank ensuring a safe way to make payments. As Cybercrime has become so prevalent it is up to all parties concerned to be vigilant and have adequate systems in place.
This article is a general information sheet and should not be used or relied on as legal or other professional advice. No liability can be accepted for any errors or omissions nor for any loss or damage arising from reliance upon any information herein. Always contact your legal adviser for specific and detailed advice. Errors and omissions excepted (E&OE).