A company which fell prey to cyber scam will have to pay its debt to the supplier it thought it had made an electronic payment to.
In this day and age with scamming being so prevalent, it is the duty of the debitor to ensure that the banking details in which the electronic payment is made into, are correct.
This is according to the Western Cape High Court, after a company called Gripper & Company Ltd (plaintiff) claimed more than R800 000 from Ganedhi Trading Enterprises CC (defendant). The latter bought equipment from the plaintiff, but without realising it, paid the purchase amount into the bank account of scammers.
This mistake was only discovered three days later, after the scammers had cleared the amount.
The fraudsters were so shrewd, that the email address in which they forwarded details of the fraudulent bank account, only differed with one letter from that of the authentic email sender - a discrepancy which was never noticed by the defendant.
The plaintiff and the defendant had been dealing with each other since 2014. Throughout this time, the plaintiff had received payments from the defendant in a specified Standard Bank account.
In 2021 the plaintiff had agreed to sell valves to the defendant for the amount of R886,726.25. The valves meanwhile were duly delivered. Both the invoice issued and the delivery note signed by the defendant contained the long-standing Standard Bank banking details of the plaintiff.
But the defendant, as per instruction on an email, paid the amount into what it believed to be the plaintiff’s new Absa Bank account and thus fell victim to a sophisticated fraud perpetrated by an unknown third party.
The message on the fraudulent email stated that the Plaintiff has changed banks and that from now on all payments had to be done via the Absa account. As the email address looked the same, and without realising that the name of the sender missed one letter, the defendant made the payment.
Acting Judge Michael Janisch noted that the defendant’s representatives did not make telephonic contact with the Plaintiff’s representatives to confirm the change of banking details. They were merely satisfied that the emails received were legitimate, as a result of which they made the payment.
The defence was that the plaintiff’s email system must have been hacked by a third party, for which it (the plaintiff) was to blame. It put up an expert report to say that there was no record of its own systems being compromised and the defendant said thus it was not its fault that the money landed in a fraudulent account.
But the plaintiff said that its email/server security had never been compromised. It argued that the fraud had not been perpetrated out of its own domain and added that it did not even know about the scam until the defendant altered it.
Judge Janisch said unfortunately, cases presenting with this or a similar fact pattern are all too common in the current era. “Cyber-crime is rampant, and has been for many years. Schemes to divert money legitimately owed to unauthorised bank accounts, without the knowledge of either party, are a common occurrence…Unsurprisingly, when this sort of event has occurred, disputes have arisen as to who should bear the risk of loss.”
He said the onus was on the defendant to ensure that they paid the money into the correct account, especially as the company it had been dealing with over many years claimed to have changed its bank and had another bank account.
“Had it made a simple telephone call, it would have established that the invoice was fraudulently changed and it would not have made payment into the incorrect bank account,” the judge said.
He ordered that the defendant had to pay the debts, together with interest.
Pretoria News