Phishing scams have become a part of our everyday digital lives, but even though the risks have become ever-present, awareness hasn’t increased in equal measure. The worst part is that even when you were the victim of a phishing scam, the onus of payment still falls squarely into your lap.
Phishing is the blanket term for all cyberattacks that come in the guise of a fraudulent message that aims to trick the receiver into revealing sensitive information to the attacker or requests them to click on a link that installs malicious software on the receiver’s computer.
While many of these communications rely on clever hacking skills and tech-savvy (evil) genius on the attacker’s side, most phishing scams simply rely on negligence and a lack of vigilance on the receiver’s side. Once your information has been shared willingly with an attacker, the blame, unfortunately, lies with you, the receiver. And while investigations will be launched to track the attacker, the money you’ve lost will still be lost (unless you are insured against such an attack), and any bills that needed to be paid before the attack will still need to be paid.
A perfect example of this is the case of Fourie v Van der Spuy and De Jongh Inc. and Others, where the court ruled in favour of the Applicant who lost funds when the Respondents, who had the mandate to deal with the Applicant’s trust money, made a payment into the incorrect bank account after receiving a phishing communication. It was determined that the Applicant’s email server had been hacked and that the fraudulent communication had in fact originated from their server, it remained the Respondents’ responsibility to be vigilant and confirm the bank details and payment request before making payments from the Applicant’s trust.
In more general terms, the case of Galactic Auto (Pty) Ltd v Venter found a Respondent transferring funds for a car purchase into the incorrect bank account. The Court once again ruled in favour of the Applicant (the Dealership), placing the responsibility of vigilance fully on the Applicant when payment needs to be made to a creditor.
Fortunately, the Cybercrimes Act 19 of 2020 does offer some relief to the victims of cybercrimes, as it criminalises unlawful access, use and distribution of data and data messages. Section 8, specifically, relates to hacking, reading as follows:
“Any person who unlawfully and with the intention to defraud makes a misrepresentation by means of a data or computer program or interference with a data or computer program is guilty of an offence.”
While the Act does criminalise cybercrime and phishing, vigilance is still of paramount importance. So be wary of any questionable emails and double-check (and then triple-check) any payment requests and details before making any payments.
If you have already become a victim of cybercrime and phishing, make sure to get the best legal representation to help you through this time.
This article is a general information sheet and should not be used or relied on as legal or other professional advice. No liability can be accepted for any errors or omissions nor for any loss or damage arising from reliance upon any information herein. Always contact your legal adviser for specific and detailed advice. Errors and omissions excepted (E&OE)