Skip to main content

Serious consequences for companies that invoice via email

Serious consequences for companies that invoice via email

John J2South Africa's largest law firm, ENSafrica, has recently been ordered to pay a cybercrime victim R5.5 million after a syndicate successfully hacked into a client's email during a property transaction.

The hackers altered the bank account number in a PDF invoice sent by the law firm, resulting in the client losing a substantial amount of money.

ENSafrica was handling the conveyancing of a house. Unfortunately, the funds intended for the law firm's trust account, were redirected to the account of a hacker and swiftly taken away. The client took legal action against the law firm, alleging that they had failed in their duty of care by negligently not informing her of the dangers of hacking or taking necessary measures to prevent it.

This court decision serves as evidence that companies can face consequences for using plain and unsecured email for invoicing purposes. The judgment stated that the law firm failed to provide adequate warnings to the client regarding potential cyber threats.

Email has become an essential part of our daily lives. We use it to communicate with friends, family, and colleagues, as well as to manage our finances, purchase goods, and access important information. However, despite its many benefits, email is also a favourite target for cybercriminals.

Email cybercrime, or "phishing," is a rapidly growing threat that can have devastating consequences for individuals and organisations alike. In this article, we will discuss the dangers of email cybercrime and what you can do to protect yourself.

One of the biggest dangers of email cybercrime is the theft of your credentials and identity theft. Cybercriminals use phishing emails to steal personal information, such as passwords, to gain access to your systems and online platforms.

This information can then be used to steal money from bank accounts, make unauthorised purchases, or even take out loans in your name. The consequences of identity theft can be severe, leaving victims with ruined credit, legal problems, and a great deal of stress and anxiety.

Another danger of email cybercrime is the spread of malware. Cybercriminals use phishing emails to trick people into downloading malware, which can infect their computers and give the attacker control over their devices.

Malware can be used to steal personal information, install additional software, or even launch attacks on other computers. In some cases, malware can even turn your computer into a "zombie" that can be used to participate in a larger cyberattack.

A third danger of email cybercrime is the spread of scams and fraud. Cybercriminals use phishing emails to trick people into giving them money or personal information. They might claim that you have won a prize, owe taxes, or need to update your account information.

If you fall for these scams, you could end up losing money or giving away sensitive information or access to systems that allow for malicious cyber criminals to extort you or your business for large sums of money.

To protect yourself from email cybercrime, it's important to be vigilant and take steps to secure your computer and email account. Here are some tips:

  1. Enable Multi-Factor Authentication (MFA): Use MFA on every platform possible to add an extra layer of security to your email account. This additional layer will go a long way in protecting yourself and those connected to you.
  2. Be wary of unexpected emails: If you receive an email from an unknown sender or one that seems suspicious, don't open it or click on any links. If an email arrives that is different to the normal method of interacting with a sender or business, treat it as malicious.
  3. Verify the sender: If you receive an email from a company or organisation, verify that it's legitimate by visiting the company's website or contacting them directly. Do not use the contact details provided in the email.
  4. Use strong passwords: Make sure your email account and computer are protected with strong, unique passwords. I recommend using a good password manager to ensure unique and near impossible to guess passwords for each platform. Password reuse is a high-risk behaviour.
  5. Keep your software up to date: Regularly patch or update all software and systems to continually deploy the latest fixes to new vulnerabilities. Failure to patch vulnerabilities, is high risk and can provide access to malicious actors.
  6. Be cautious with attachments: Be careful when opening attachments, especially if they are from unknown senders. Attachments can contain malware or viruses that can infect your computer. I suggest using an additional email gateway that can prevent malicious attachments from getting to your users.
  7. Educate yourself and others: Stay informed about the latest email scams and phishing tactics, and share this information with friends, family, and colleagues.
  8. Monitor systems for strange and anomalous activities to allow you the ability to respond.
  9. Configure your platforms securely, many people do not know that large cloud platforms do not come with all required security in place. Use the capabilities of these platforms to restrict login locations, log events and monitor for changes. It is these changes that can help us identify when an account is compromised.
  10. Deploy secure email capability that gives you the ability to send secured attachments to your clients.
  11. Engage an established cyber security focused business to help you on this journey.
  12. Using an expert will allow you to build out resilience. Assume compromise, know that something will fail and one of your security layers will be breached. A solid cyber resilience plan will allow you to identify this and your layered defence will ensure that one layer does not bring down then entire infrastructure.

This warning applies not just to law firms but also to any other organisations that use plain email to exchange information related to financial transactions without implementing additional security measures and without providing sufficient education to their clients.

This court ruling highlights the fact that businesses (not just legal firms) engaged in financial transactions must now not only secure their own systems but also actively help and educate their clients about the risks of sending sensitive information through standard email. It raises the question of whether businesses are doing enough to inform their clients about these dangers.

In conclusion, email cybercrime is a serious threat that can have devastating consequences for individuals and organisations. By being vigilant and taking steps to protect yourself, you can reduce your risk of becoming a victim. Remember, if something seems too good to be true, it probably is. Don't be afraid to ask questions, and always be on the lookout for suspicious emails.

Published by FAnews