MIGHT NEED A NETFLIX SPECIAL: THE CASE OF HAWARDEN V EDWARD NATHAN SONNENBERG INC.

A BUSINESS EMAIL COMPROMISE NIGHTMARE.

INTRODUCTION

I read a number of cases wherein email compromises have lead to criminals, during the course of their job, acquiring large sums of monies from the vulnerability of the human complex. Well established hackers have provided that the most vulnerable system to hack is the human system. Social engineering of the human perception is the hack which career email compromisers tend to take advantage. Such hacking of the human perception and taking advantage of the human lived experience is seen in the say the criminals in the case of Hawarden V Edward Nathan Sonnenberg

This post centres the Cyber crime issue of Busines Email Compromises and how the new money heist have moved to the digital realm of existence. In Discussing this issue, i will use the case of Hawarden v ENS as an illustration. I hope this literary work brings awareness to the readers on the dangers and ever present risks of Business Email Compromise but should it not do so, i hope it atleast it gives you the idea on going on neftflix and watching Money Heist if you havnt, because its one of them one, when it comes to viewing pleasure.

(Its all starts with the facts of the case)

Hawarden v Edward Nathan Sonnenberg: The Facts

Okay so the execution of the heist at hand isnt as complex as depicted in the netflix series, Money Heist. Its actually straight forward, its impressiveness lies in the manipulation of perception.

Ms Hawarden was in the process of purchasing, what i assume is a stunning house because of the price tag on that tang, 6 million purchase price on this property. She commences with the entire process of purchasing house by first finding the property through the estate agent, Pam Golding Properties. Pam Golding who acts as the agent of seller establishes contact with Ms H and proceeds to inform her that the price at which she wants to purchase the house has been accepted by the seller and its a go on her acquiring, again what I assume is her dream house. You dont pay 6 million on anything unless that the thing that you have always wanted to have. So beautiful, the deal is a go, Pam Golding informs Ms H that the first thing she has to be is pay a deposit of 500k to the trust account of Pam Golding estate agency. Now Ms H got it like that, and she paid that deposit straight up with no hesitation of feints. Pam Golding warned her of the risk of Cybercriminals committing business email compromise licks ( scams) , therefore she was advised to always double check as to whether she is paying to the right bank account. Prior to payment of the deposit, she does her verification check and boom 500k straight to trust bank account of Pam Golding Properties. Pam Golding informs the conveyancing attorneys employed by the seller that the deposit has been paid and that the process of drafting the necessary documentation can commence. The conveyancing attorneys the seller choose was Edward Nathan Sonnenber, aka ENS. Now if you know anything about law firms, you most definitely know that ENS is one of the goats of law firms in south africa. These dudes practice the law at the highest level and bolster an impressive list of clients and an even impressive list of legal professionals in their stable. You need a problem solved, ENS it isnt a bad idea to approach ENS to have it solved. Ofcourse provided the pockets are deep.

Cool, ENS commences with documentation drafting and facilitation of the transaction. Communication gets established between ENS and Ms H.

(I suspect that the criminals always knew that there is something here long before communication between Ms H and ENS commences, so the hacking began long ago. It was the communication between the two began where lips where getting licked by the criminals and salivation commenced- We Will Return To This)

The first communication was the secretary of ENS sending email with an attachment bringing to the attention of Ms H details of the necessary guarantees requirements ( Note there was an agreement between the two which provided that the remaining balance of the purchase price would be covered by a bank guarantee in favour of the seller or by any other alternative manner). As far as we are concern, the hack began here as the letter which reached the computer of Ms H was a letter containing the criminal bank accounts. The actual letter written by the secretary of ENS contained the actual account details.

With access to Ms H email account, or sever or whatever, This transaction was at the mercy of the criminal hackers. Ms H i assume see this email from ENS and given the name ENS, she figured this deal was a done deal, the conclusion of it would be like a walk in the park. Its ENS dude. With Ms H guard down, given who the conveyancing attorney is, correspondence get exchange between the two, with the criminal hacker in between playing god on how they want this to end. Ms H nor ENS, when it comes to email correspondence, were actually communicating with each other. The only true communication which happened between the two was the communications exchange over telephone call.

( The criminals in this, although skilled, were also lucky, because what are the chances that during the telephone conversation relating to 5.5 million no talk sprouted about banking details and all that stuff that could alert either party that shit is going on which is good shit)

Then after days of fake correspondences, as a result of an intentional spelling error in an email address created by the criminal hacker, the day finally comes. On this day, non knew of what would come. Not Ms H, not ENS, not even the criminal hackers knew what this day would have in store when they all woke up on this Thursday, week 34 of the year 2019. Non knew that something extraordinary would happen this day, 20 August 2019.

On this day Ms H went to her bank to enquire on some stuff as it pertains to playing her part in the completion of this transaction. She enquired about her option of furnishing a guarantee in favour of seller versus effecting an electronic transfer of 5.5 millio to ENS trust account. While at the bank, conversations were flowing, possibilities were sprouting and she picked up the phone and called ENS secretary. The secretary's phone just rang, she was probably on lunch break. Maby this was a sign for Ms H to chill, the universe has a language of its own. I dont know. But nah, sometimes luck is just not on your side because Mr C, associate of ENS, brilliant attorney returned the missed call of Ms H to the secretary. She enquired about the interest, she was informed that the interest of ENS was lower than that of bank. She said okay and boom!!!!, again, proceeded to instruct the bank employee she was talking to, to push the payment of 5.5 million to what she believed was the the trust account of ENS. The bank details she took with her that day, were the bank details of the criminal hacker, unbeknownst to her. The employee entered the details of the criminal hackers bank detail, ofcourse unknown to her to, then boom!!!! ( there was alot of booms in this, it was like a micheal bay film) the criminal hackers were up 5.5 million rands, that R5 500 000.00 direct deposit notification into a bank account. Am not glorifying anything, but I never knew that patience could be worth 5.5 million rand on a day. Celebration ensued from the criminals and it was the begining of a nightmare for Ms H especially, because thats 5.5 million rand gone, poofffffff!!!!!!!!. While am sure they celebrated the victory, the criminals still had to buy some time in order to withdraw these funds from 5.5 million rand bank account and run off to the sunset. So they intercept an email from Ms H, wherein she wanted to inform ENS that payment has just been effected, and they instead send a fradulent email which attached to it a proof of payment and further telling ENS that paymet should reach them between 24-48 hours.

ENS recieves this email, and send back an email to Ms H, thanking her for the payment. Attached to this email was an investment mandate that actually contained warning of Business Emal compromise. The high court uses this to rule against ENS and holding them liable for the pure economic loss suffered by Ms( we will get back to this). The criminal dudes sent a couple more emails, in order to buy themselve time to withdraw the whole 5.5 million. One of the emails they sent, which gave them all the time they needed was an email wherein they informed ENS that monies had not left the account and that payment would need to be done afresh.

29 August 2019 was the day the fraud was discovered by Ms H. These criminal dudes made 5.5 million from days of works. Basically.

The bank which housed the criminals bank account could not bring back the money, nothing could be done, but open a case with the police and report 5.5 million transfer into a fraudulent bank account. Ms H knowing the seriousness of this, and the likelihood that she will see that 5.5 million ever again, She goes after ENS for the money. Legal Proceedings commence.

COURT OF FIRST INSTANCE: High Court of South Africa

Ms H employs the services of Werksmans attorneys, another heavyweight of the legal fraternity to impute liability of the loss of her 5.5 million rand on ENS. A legal action gets instituted in the High court for a delictual claim founded on pure economic loss on reasons that ENS owed Ms H a legal duty of care towards ensuring that she does not pay 5.5 million into the incorrect bank account.

Now note that a claim for Pure economic loss, is a claim difficult to establish because it basically about convincing the court that public and legal policy considerations founded on constitutional norms requires that you be compensated for your pure economic loss cause of the negligent commission of another. A claim for pure economic loss founded on an abstract test which requires creativity to convince the court of its existence. If theres a firm that can do this, Werksman attorney are the right people because they were actually able to convice the High Court that indeed ENS is liable for the loss of 5.5 million which Ms H sent into the wrong account, due to a scam by cyber criminals

Werksman pulled of establishing pure economic loss by presenting to the court the following:

• The most essential element to determine when claiming for pure economic loss is public and legal policy consideration founded on constitutional norms. So where a party is able to establish that policy consideration require that the party be compensated, then liability can be established on the other party. Generally the law does not recognise a right not to be caused pure economic loss, therefore a conduct alledged to cause pure economic loss is prima facie lawful until the alledging party can establish that that the legal convictions of the community, determined using an objective test, call for the party that suffered pure economic loss to be compensated. This is an exception to the general rule of delict that everytone bears their own los.

  • Werksman Attorney with the help of C H J Badenhorst SC together with MD Williams were able to make a good case that policy consideration informed by constitutional norms dictate that Ms H be compensated

  • Werksman Attorney basically said, in advancing their case on this aspect, that "finding in favour of Ms H would impose a duty on convenyancers and attorneys who already owe a duty to third party purchasers when dealing with trust funds.

  • They further strengthen their point on this by advancing that the interest of Ms H aswell as the interest of society demand that a legal is recognised in ths

  • Lastly in satisfying the element of public policy consideration, they cited a dictum in the case of Estate Van Der Byl v Swanepoel wherein the court in that case provided that " where one of two innocent parties has to suffer a loss arising from misconduct of third party, it is for the public advantage that the loss should fall on the one of the two who could most easily prevented the happening of the recurrence of the mischief". I read this and i was convinced by counsel for Ms H that indeed with "great power comes great responsibility"- Uncle Ben.

    • (policy consideration check)

• With the difficult part of establishing pure economic loss, now out the way, counsel job now became a walk in the park as now, they just needed to establish the element of Causation, Fault and Wrongfuless to complete their imputation of liability on ENS for Ms H sending 5.5 million rand to an incorrect bank account ( I know it strange right- but stay with me)

  • On the Causation element, for it to be satisfied, you have to establish factual and legal causation. Factual causation being but for the conduct of the other party, would you have suffered the loss. Legal causation being the proxmity of the conduct to the resultant loss of the aggrieved party, the closer the conduct to the outcome the more likely the outcome was caused by the conduct

    • So to establish causation counsel for the plaintiff put forward that but for the failure of ENS to warn Ms H of BEC risks, Ms H would not have suffered the losss. Further in support to this, they advanced that but for the negligent transmission of it account details, Ms H would not have sent 5.5 million rand to digital pirates. With these two point Factual causation was established , and legal causation remained

    • In proving legal causation , they simply established that the negligent conduct of ENS is sufficiently closely linked to the loss suffered by Ms H. Lega causation established.

    • Therefore court was convinced that ENS was the sole cause of Ms H sending 5.5 millio rand to scammers ( i know right- what!!!!!- stay with me) .

      • (Causation check)

  • On the Fault element, court was convinced of ENS's negligence in the matter and found and i quote "it would not be overly burdensome or unreasonable to impose liability on ENS. The risk of loss to Ms H was highly foreseeable by ENS".

    • (Fault, check)

  • On the element of wrongfulness, given the establishment of policy consideration, wrongfulness became a cake walk because in establishing policy consideration,they established a legal duty owe by ENS to Ms H. Meeting the wrongfulness requirement in a delictual claim for pure economic loss wherein that loss is alledged to have been caused by the negligence of another requires that there first exist a legal duty. The existence of this legal duty is determined through judicial discretion wherein public and legal policy consistent with constitutional norms dictate the existence of such legal duty.

    • Generaly writing, negligent conduct in the form of an ommission is not regarded as prima facie wrongful in delictual claims. Therefore its the responsibility of the alledging party to show the court that a legal duty between the parties.

    • The legal artist acting for the plaintiff pulled it off. They were able to present a case that it would be reasonable, through the courts judicial determination wherein a value judgment is conduct, for the case bought before the court by the plaintiff to warant a delictual remedy.

  • (wronfulness check)

Court took all of the above, listened to the defendants side, and their witness, found that the defendant did not make a good enough case to proving on a more balance of probabilities than the plaintiff that they are not responsibile for the 5.5 million rand loss Ms H suffered.

High court concluded that Ms H claims was upheld with cost on the scale as between attorney and his own client ( this is a punitive cost order by they, so the court was in a way angered by the case presented by ENS)

ENS order to pay 5.5 million rand to Ms H for the loss she suffered as a result of her depositing 5.5 million rand into the bank account of the Business email compromisers ( Still something does not sound right, right? - we almost there stay with me)

"Know thy self"- Socrates.

If ENS did not know thy self and was not confident in their ability to set this case right and just, they would not have taken it on appeal to the Supreme Court of Appeal. They took the High court judgment on appeal, and came back holding a W. That W for victory.

Heres how they did it:

COURT OF APPEAL: SUPREME COURT OF APPEAL

(As far as written appeal judgment are concerned, this was one of the most well written appeal judgments i have read. Usuaully appeal judgments penned, dont touch on the facts of the case. The brush through the facts by stating " I wont provide the facts, as they have been extensively dealt with in the court a quo". I appreciated the acting judge of the appeal F B A Dawood, for writing a judgment which gave a concise facts of the case. This was 13 pages of nothing but facts, bars and insight. I appreciate this judgment alot.)

Back to the programme. How ENS succeeded in their appeal of the high court judgment:

After the results from the high court came out, i imagine ENS took it personal and smiled because they knew its not done. They got themselves in order, employed outside attorneys Clyde & Co and Clyde & Co had W Trengrove SC ( if you know you know- excellenct advocate) with R Ismail to advocate for the case of ENS against paying 5.5 million rand for a loss suffered suffered by Ms H. SCA accepted their application for leave to appeal in the SCA and it was the SCA's job now to determine whether indeed Ms H has established the wronfulness element for a delictual claim arising out of an omission causing pure economic loss.

The element of wrongfulness is closely linked to the element of policy consideration consistent with constitutional norms. So this appeal also automatically deals with the issue of whether policy consideration consistent with constitutional norms dictate that Ms H be compensated.

Ms H retained Werksman as her attorney of choice and maintained the argument that ENS through its representative, the associate and the secretary that handled the property transaction, owed her a legal duty to exercise that degree of skill and care by a reasonable conveyancer. ENS denied the existence of this legal duty, denied wrongfulness in the conduct they took in this matter and further denied that they were negligent nor wrongful and pleaded contributory negligence ( this was probably a claim in the alternative, that should court find them negligent, they should also find Ms to have contributed to the loss through her negligence).

Court looked at the relevent papers of the parties and in discussing and evaluating the legal principles found that ENS was not wrongful in their negligence of omitting to warn Ms H of BEC scams, sending pdf unencrypted attachment and not verifying account details with Ms H.

The courts outlines the legal principle of wrongfulness so well that am confident in my capability to explaining the element of wrongful on alledged negligent omission in a delictual claim. In reaching its conclusion on the wrongful determination which the court had to determine in this appeal, court said:

• First its important for everyone to know that "everyone bear the loss that they suffer and conduct causig pure economic loss is not prima facie wrongful

  • So in applying this to the matter, the courts points of departure is that the conduct of ENS representative in this transaction is not prima facie wrongful in the delictual sense and does not give rise to liability on their part unless policy consideration required Ms H to be recompensated by ENS for the loss she suffered

  • For conduct of ENS to be wrongful the court first determined whether, through a judicial determination, there existed a legal duty owed by ENS to Ms H, and therefore whether it would be reasonable to impose liability on ENS for 5.5 million loss suffered.

    • Now from a delictual sense, wrongfulness of neglifence by omission( as is the allegation of Ms H in this case) depends on the existence of a legal duty. The court in this instance found that during the cause of action events in this case, ENS owed no legal duty to Ms H as Ms H was not a client of ENS. There was no contractual relationship. The loss happened at time when there existed no attorney client relationship between ENS and Ms H. The loss suffered by Ms H was not due to any system fault on ENS side but was suffered because cyber criminals saw a vulnerability in Ms H computer, inflitrated her email and proceeded to divert payment into their own account. It was the responsibility of Ms H to protect herself and her system from Business email compromisers. She ample opportunity to avert the risk of a BEC scam succeeding

  • Another determination the court made was whetther, through judicial determination also, that reasonableness to impose liability on ENS depends on public and legal policy consideration consistent with constitutional norms.

    • The court in considering this aspect, looked at whether a claim of a pure economic loss succeeding here would be in accordance to policy consideration. Given that, as the ConCourt once mention, pure economic loss claim succeeding means the risk of an indeterminate liability, for an indeterminate , for an indeterminate time, such a risk militates against the imposition of liability on the grounds of pure economic loss. And doing a weighing of value judgment, the court found that it would be legal reprehensible to impose liability on ENS, with consideration of the circumstances of the facts of the case.

• A criterior important also to the determination of wrongfulness in such cases is the factor of "vulnerability to risk". This criterion as explained by courts is that where a platiff has takenj, or could reasonable have taken steps to protect itself from or avoid loss sufered, is an important considerations that counts against a finding of wrongfulness in pure economic loss. Where the conduct of the defendant has nothing to do with exposing the plaintiff to vulnerability, then this will count against the imposition of liability of the defendant.

  • Therefore the court, looked at this and found that due to her choices that she made in this transaction, the choice of electing EFT payment over bank guarantee, the choice of not verifying the banking details of ENS before effecting payment and the choice of not taking measures to avoid the risk of BEC the same way she did when she made that deposit to Pam Golding Properties trust acccount, is why she must in the circumstance take responsibility for her loss. Thus it would be unreasonable to shift responsibility for her loss to ENS.

SCA therefore concluded that Ms H ought to have failed in the High court. The appeal of ENS is upheld with cost. The order of the high court is set aside and substituted with the order that the plaintiffs claim is dismissed with cost, such cost to include cost of two counsel so employed.

CONCLUSION: CLIMAX

With that which is written above, nothing is said on the criminals who had 5.5 million rand diverted to their bank account. Out there, there are dudes and dudess;s( female dudes) who got 5.5 million rand and are still not found nor known who they are.

Cyber Crime is a real thing. With the advancement of technology comes the advancment of human ingenuinety in committing crimes and taking stuff they want outside the bounds of the law. Take heed of this warning, protect you systems by updating your anti-virus, encrypting your emails and attachents and most importantly keeping your mind always alert for those who seek to destroy your life by advancing theirs.

Disclaimer

The views and opinion expressed are those of my own, based on my own experiences and my subjective interpretation of the subject matter. They are not authority nor should they be construed to be authority. Do your research, read further, gain knowledge and do what you want with it. Non of the views expressed herein are legal advice. Always seek a legal practitioner for your legal problems