Lawyer must cough up after cybercriminals steal clients’ R1.4 million

  • A Gauteng attorney has been found liable to pay his clients R1.4 million after he transferred their money to a fraudster’s account.
  • The scammer had intercepted email correspondence between the client and the attorney and sent fake account details.
  • The money was from the sale of a property.

A Gauteng attorney has been found liable to pay clients R1.4 million, the proceeds of the sale of a property they owned, which was stolen through a “business email compromise”.

Attorney Gavin Hartog believed he was transferring the money into his client’s account, but he was unwittingly paying it into the Standard Bank account of a fraudster who had intercepted his email correspondence.

The fraudster withdrew the money almost immediately and it has never been recovered.

Hartog’s clients — Brigitte Daly, her husband Patrick Daly and her sister Karin Foulkes-Jones (now deceased) – first secured an order against him in the Johannesburg High Court in June 2021.

Hartog appealed this. But Judge Rean Strydom, with Judge Majake Mabesele and acting Judge Johannes Strijdom concurring, said Hartog had initiated correspondence with the clients via email and they had responded using the “same means”.

He had thus “breached the mandate” by not making payment of the proceeds of the property sale into Patrick Daly’s account and remained responsible.

Judge Strydom also dismissed Hartog’s contention that Standard Bank had been negligent.

The property in question was in Parkwood. It was owned by Karin and Brigitte and was sold in June 2018.

They instructed Hartog to deal with the conveyancing. R100,000 was paid into Karin’s account and the balance, about R1.4-million, was to be paid into Patrick’s Standard Bank account.

Instead it was paid, via EFT, into the Standard Bank account of a Mr Simelane.

Judge Strydom said Hartog had emailed Karin and Brigitte informing them of the amount payable to them from the sale. He requested that they send him “instructions and bank details”.

Three days later, Patrick emailed Hartog providing details of his Standard Bank account.

Hartog sent a further email to Patrick confirming the instructions and asking for confirmation of the bank account details.

While Patrick said he responded on the same day, Hartog claimed he did not receive that email.

Then Hartog received what he believed was a further email from Patrick, asking that Hartog deposit the money into another account. Attached was a purported account confirmation from Standard Bank.

Hartog said he accepted the authenticity of this and made the payment.

It later emerged that the email had been sent by a fraudster.

Judge Strydom said Hartog did not inquire further as to the reason for the change of account number. He said neither party made a specific election to use emails, and the question was who should bear the risk for the loss and how the fraudster obtained the information to perpetrate the fraud.

“The fraudster must have become aware of an imminent transfer of a substantial amount of money … further he must have obtained the email addresses of Patrick and Hartog,” the judge said.

Hartog submitted that the mandate had a “tacit term” that his clients would exercise utmost caution and ensure the integrity of their emails.

“There is no evidence that the fraudster obtained the information from the respondents. The fact remains, however, that Patrick sent the correct instruction which was received,” the judge said.

It was Hartog who had invited his clients to send instructions and bank details. This invitation was done by email and there was a response to this email using the same means, said Judge Strydom.

“The fact that a fraudster intercepted or obtained information which led to the fraudulent email and payment cannot be used to support the existence of this tacit term. That would amount to using hindsight as a consideration to determine what terms should be imputed into the mandate,” said the judge.

Hartog also sought an order that if he was found liable for the stolen money, then Standard Bank should pay because it had been negligent.

He said there was a dispute of fact on this which could not be decided on the papers and should be referred to trial.

But Judge Strydom said there was no dispute of fact.

The bank said Mr Simelane had opened the account following a FICA process. His identity had been verified and proof of residence obtained and there was no reason to suspect that the account was going to be used for fraudulent purposes.

The bank contended that it had no duty to match an account name with an account number.

Judge Strydom said to find the bank liable, wrongfulness and negligence would have to be established.

Mr Simelane was not an anonymous client and there was no evidence that the bank should have conducted due diligence on the account or that it could have prevented the receipt of funds into it.

The judge said there was no evidence to support a finding that the FICA requirements had been negligently breached.

Hartog’s appeal was dismissed, with costs.

By for GroundUp. Republished under CC BY-ND 4.0.

Now read: Energy minister’s load-shedding lie

Latest news

Partner Content

Show comments


Share this article
Lawyer must cough up after cybercriminals steal clients’ R1.4 million