MAIN IMAGE: Khairiyah Safeda, founding director of Safeda & Associates
Senior writer
As the incidences of cybercrime increase, property professionals, including conveyancers, are increasingly relied on to ensure that clients take extra steps to protect their financial transfers on property deals.
Case study
A recent court decision about a property buyer’s loss of R5 million highlights how devastating a cybercrime act can be.
In the ENS vs Hawarden case, cybercriminals altered the conveyancer’s bank details in an email, tricking the client into transferring funds to a fraudulent account. Initially, Hawarden won in the High Court, but the Supreme Court of Appeal reversed this decision, highlighting the need for rigorous verification processes.
Ms Hawarden was previously warned of cybercrime and informed by Pam Golding to verify bank details. She did so with Pam Golding’s trust account but failed to do so with ENS’s account, for which she had no legitimate reason. She should also have checked the email address that had provided the account details, which, although subtle—ensafirca.com and not ensafrica.com—proves just how vigilant she needed to be.
The Appeal Court stated that it was impossible for ENS to control the interception of emails. Ms Hawarden could also have asked her bank to verify the bank details.
The issues
We asked Khairiyah Safeda, founding director of Safeda & Associates, to comment on this case and provide advice for property professionals.
“We likely all know that cybercriminals exploit vulnerabilities in email communications between clients and conveyancers and property practitioners using phishing tactics to gain access to email accounts and then intercept emails containing sensitive information.
“This has required, particularly, conveyancers to introduce robust cybersecurity measures such as two-factor authentication and encrypted communication channels. Alongside it has also become vital to educate clients about the risks of Business Email Compromise (BEC) scams and emphasise the importance of verifying bank details over a phone call or in person rather than relying solely on email.
“In my personal opinion, all electronic communications are open to interception by cyber criminals, even encrypted emails and WhatsApp messages,” she says.
Property practitioners and buyers/sellers
It’s not just conveyancers who are under attack. Property professionals and their accounts are also exposed. As a bridge between the conveyancer and the client, conveyancers have a crucial role in educating their clients about potential cyber threats, especially as they are the first contact person in the property transfer chain.
“Agents are in an excellent position to inform and guide their clients on the importance of verifying bank details and using secure communication methods. This knowledge helps maintain trust and ensures the safety of transactions,” says Safeda.
Industry bodies, such as banks, should also play a role in disseminating this crucial information to ensure widespread awareness.
Buyer’s onus
Yet another cog in this wheel of awareness is the buyers themselves, as per the court findings in the aforementioned case. Buyers must verify the payment details provided in emails by calling their conveyancer using a trusted contact number. “This step significantly reduces the risk of fraud by ensuring that the bank details are correct and not altered by cybercriminals.”
Even then, in Safeda’s opinion, this voice verification is not entirely safe as the cybercriminals may have altered even the cellphone number in the email. “With voice cloning technology, it is easy to clone someone’s voice and pretend to be the conveyancer. How would the client know if it’s me or someone else that has cloned my voice?”
Multiple layers of verification are employed to prevent cyber threats in Safeda’s practice. This includes sending bank details via a combination of email, WhatsApp, and a follow-up phone call. “Yes, we use all three!” she says. “We also advise our clients that should any of the bank details in any of one of the three methods differ, then the communication has been compromised somewhere along the chain, and it is best to meet face to face, especially as my voice may be cloned.”
Additionally, clients are asked to use bank guarantees as it is the safer option rather than transferring large sums of money. “If a large sum of money needs to be transferred, we recommend an initial transfer of a small sum of money – say R100 – and calling to ensure that we have received it. If not, then only this sum has been lost. If the money reflects, the client may save us as a beneficiary and transfer the balance.”
Points to note:
- Conveyancers and clients should consider taking out insurance against cyber threats.
- Regular training and updates on cybersecurity best practices can further protect all parties involved in property transactions.
- Add a cyber-security warning to all emails and documents involving payments, e.g., “Please see the text in red below in our email signature.” Bear in mind that people do not read the fine print and email signatures.
- Always advise clients that your company will not change your bank account details and will not accept an email from a client advising that their bank account details have changed.