Cases of Business Email Compromise (BEC) fraud continue to surge, and recent High Court decisions have confirmed that it’s up to you to verify that you are paying into the correct bank account.
How does BEC work and who is at risk?
BEC fraud involves cybercriminals impersonating your trusted contacts (e.g. suppliers and professional advisors) in fraudulent emails that look genuine. The idea is to trick you into making payment into the scammer’s account.
Everyone’s at risk, but BEC is particularly rife in transactions where large amounts of money are in play. Favourite targets are commercial operations and their customers, as well as all role-players in property sales – buyers, sellers, conveyancers and estate agents.
How do these scams work? For a snapshot of a classic BEC sting, have a look at this recent High Court case…
“But I paid you the R890k!”
Two Cape Town companies, who had been trading happily and successfully with each other for seven years, fell out over who should bear a loss of R886,726.25 after scammers stole the customer’s payment for a consignment of valves. Here’s how it went down:
Blaming the supplier won’t work – you must “seek out” your creditor
The customer, sued by the supplier for the outstanding amount, contended that the blame lay with the supplier, whose own negligence in failing to secure its IT systems against email interception caused the fraud.
That’s a defence often raised by BEC victims, and indeed our courts have stressed in the past the need for suppliers and professionals to ensure that their own computer systems are properly secured at all times. But it cut no ice in this case.
Rather, said the Court, (emphasis supplied), “it is the debtor’s obligation to ‘seek out his creditor’ and … until payment is duly effected, the debtor carries the risk that the payment may be misappropriated or mislaid.”
The real cause of the loss in this case, held the Court, was not any hacking of the supplier’s emails (if there was in fact a hack – the supplier denied it), but the customer’s failure to take the steps that a “prudent debtor” would have taken to ensure that it was paying into the correct account.
Our unfortunate customer must now pay the supplier, plus a raft of legal costs to boot.
Pick up the phone!
Our courts will have no sympathy for you if you fall victim by not protecting yourself. A factor that counted against our customer here was (emphasis supplied): “the fact, known to any persons in business and making use of computer-based methods of communication and payment, that cyber crime is rampant and that care must be taken at all times to limit its impact.”
The good news is that a few simple preventative measures can provide everyone involved with a strong layer of protection:
If you need help reviewing your fraud prevention and payment verification procedures, please feel free to contact us.
Disclaimer: The information provided herein should not be used or relied on as professional advice. No liability can be accepted for any errors or omissions nor for any loss or damage arising from reliance upon any information herein. Always contact us for specific and detailed advice.
© LawDotNews