Cybercrime in the Conveyancing sphere

Conveyancing firms are steadily becoming targets of cyber crime due to large sums of money that is involved in property…
By Boney Cronje
23 February 2023

Conveyancing firms are steadily becoming targets of cyber crime due to large sums of money that is involved in property transactions. Most of the correspondence exchanged between conveyancing firms and clients are also by way of electronic communication which makes it very attractive for cyber criminals.

What is Cybercrime?

Cybercrime is defined as a criminal activity that makes use of a computer, computer network or networked device. In the majority of instances, the cyber-criminal intercepts and manipulates e-mails to create the illusion that an e-mail purportedly originated from the client or conveyancing firm. Legitimate e-mails are thus replaced by forged emails emanating from e-mail address that are deliberately designed to look like those of the client or conveyancing firms. Not only the e-mail itself is problematic, but the content thereof as well. Cyber criminals will forge proofs of banking details noting their banking details as the banking details to be used for purposes of payments. These types of cyber attacks are usually referred to as “business e-mail compromise” fraud.

Cybercrime is not limited to business e-mail compromise only; other methods include:

  • Hacking – gaining unauthorized access to data in a system or a computer;
  • Phishing – emails are sent en masse containing fake e-mail links or websites with the intention to obtain sensitive information;
  • Spear-phishing – targeted phishing attack aimed at one person with relevant information or data aimed at that one specific person;
  • Ransomware – malicious software that will block access to a system or operation of a system until a ransom is paid;
  • Website vulnerabilities – cyber criminals obtain unauthorized access to a website with the intention to change e-mail addresses or information; and
  • Fake law firm websites – this can lead to identity theft and brand hijacking of law firms.

What do the Courts say?

In the latest cybercrime matter brought to Court (Hawarden v Edward Nathan Sonnenbergs Inc (13849/2020) [2023] ZAGPJHC 13) a prominent conveyancing firm had been held liable for the repayment of R 5,500 000.00 to a purchaser who had assumed that the funds that she paid, had been paid to the conveyancing firm based on an email received with banking details attached thereto. E-mails between the parties had been intercepted and manipulated to reflect altered banking details. The e-mail address had been designed not to look suspicious on first sight. The Court ruled that the firm’s banking details were indeed regarded as financial sensitive information and sending e-mails with banking details attached is inherently dangerous. The risk of sending banking details via e-mail should have been foreseen by the firm.

What can we done to prevent losses in the conveyancing sphere due to cybercrime?

Technology is increasing rapidly and each new technological innovation opens up new possibilities for cyber criminals. The only reliable constant is the human factor. Banking details should thus always be verified telephonically before any payments are to be effected. In the event that banking details are submitted electronically, only if it cannot be handed over in person, an immediate follow up should be made to confirm that it had indeed been received and also verified. Any other e-mails received thereafter with banking details either attached as pdf or in the body of the e-mail should at all times be disregarded and be brought to the attention to the other party. E-mail addresses should always be carefully inspected to confirm that it is indeed the correct e-mail address. If there is any doubt as to the origin of the e-mail, the receiving party should always contact the sending party to confirm.

Vigilance and pedantry are therefore the greatest weapon against cybercrime and should always be implemented especially when payments are to be made.