Beware of The Man-In-The-Middle: Email Interceptions and Cybercrimes

?With the rapid advancement of technology, cybercrime is on the rise and is an immense concern for law firms and business enterprises. Email interceptions and man-in-the-middle attacks where an attacker intercepts and transfers messages between two individuals who are of the belief they are communicating with each other allows such attackers to access banking details and account information enabling impersonation and fraud.

?What happens when one’s banking details are altered as a result of email interception? The Bloemfontein High Court recently dealt with this issue on appeal in?Mosselbaai Boerendienste (Pty) Ltd t/a Mosselbaai Toyota v OKB Motors CC t/a Bulfontein Toyota (A43/2021) [2024] where the appellant raised a claim against the respondent premised on an agreement to purchase a Toyota Etios 1.5 Sprint HB motor vehicle for R159 353.76. The purchase price was due and payable upon delivery of the vehicle, which the respondent failed to pay. In response to the appellant’s claim, the respondent raised a special plea of estoppel on the basis that the appellant had sent an invoice to the respondent with the necessary banking details, which the respondent acted in accordance with, as the appellant made the representation that that was the appellant’s correct banking details.

?Furthermore, the respondent pleaded that the representation made by the appellant resulted from the appellant’s negligence as the appellant’s email was “spoofed” and simultaneously delivered a conditional counterclaim. The appellant denied that it made any false representation and further that the banking details on the invoice received by the respondent are its banking details. Additionally, the appellant denied any negligence but pleaded in the alternative that if the plaintiff succeeded in proving that it suffered damages, such damages were caused by the respondent’s own negligence in failing to pay attention to the warning provided by Toyota dealers of “spoofing” and did not take reasonable steps to avoid being a victim of such “spoofing”.?

?The court a quo found the respondent successful with its defence of estoppel on a balance of probabilities, finding that the incorrect invoice it received constituted a misrepresentation by the appellant and stemmed from the appellant’s negligence.?

The court on appeal addressed the issue of the doctrine of estoppel, which occurs when an individual (the representor) is precluded or estopped from refusing the truth of a representation formerly made to another individual (the representee) if the representee, believing the truth of the representation, acted on such representations to the representee’s detriment.

?Since the respondent wished to rely on estoppel, it had the onus of proving the essentials of the doctrine and, furthermore, that the representation, which they urged was by conduct, was caused by the appellant’s negligence. The court found that although the appellant had negligently failed to secure their email domain, the respondent failed to prove that the negligence was the proximate cause to its action and that its reliance on such representation was not reasonable as the respondent did not take any steps to verify the banking details enclosed on the invoice received before paying the appellant. Thus, it was stated that the respondent’s own conduct caused it to make the payment into the incorrect bank account as there is an obligation for one to act reasonably in circumstances where one is aware of cybercrimes.?

?

To avoid being a victim to cybercrimes, we urge that special attention is given to disclaimers regarding such. The increase in email interceptions is alarming and can lead to dire consequences. It is therefore encouraged that confirmation of banking details sent via email is made before payments are made.

?

?

Name: Anisa Govender

Position: Director

Department: Maritime Tel: 031 536?7566

Email: [email protected]

?

Name: Tanatswa Chinyanga

Position: Candidate Attorney

Department: Litigation??? Tel: 031?536 7512

Email: [email protected]

The content of this document is intended only to provide a summary and general overview of matters of interest. It is not intended to be comprehensive, nor does it constitute legal or other professional advice. You should seek legal or other professional advice before acting or relying on any content.

?