https://www.polity.org.za
Deepening Democracy through Access to Information
Home / Legal Briefs / All Legal Briefs RSS ← Back
Edward Nathan Sonnenberg|SchoemanLaw|South Africa|Business Email Compromise|Cybersecurity|Social Engineering|Zandrie Rademeyer
|||
edward-nathan-sonnenberg|schoemanlaw|south-africa|business-email-compromise|cybersecurity|social-engineering|zandrie-rademeyer
Close

Email this article

separate emails by commas, maximum limit of 4 addresses

Sponsored by

Close

Article Enquiry

When trust becomes a target: Understanding business email compromise


Close

When trust becomes a target: Understanding business email compromise

Should you have feedback on this article, please complete the fields below.

Please indicate if your feedback is in the form of a letter to the editor that you wish to have published. If so, please be aware that we require that you keep your feedback to below 300 words and we will consider its publication online or in Creamer Media’s print publications, at Creamer Media’s discretion.

We also welcome factual corrections and tip-offs and will protect the identity of our sources, please indicate if this is your wish in your feedback below.


Close

Embed Video

When trust becomes a target: Understanding business email compromise

SchoemanLaw

1st July 2026

ARTICLE ENQUIRY      SAVE THIS ARTICLE      EMAIL THIS ARTICLE

Font size: -+

In today’s digital business environment, email remains one of the most important communication tools for organisations. However, its widespread use has also made it a prime target for cybercriminals. One of the fastest-growing and most financially dangerous cyber threats is Business Email Compromise (BEC), a form of fraud that relies on deception and social engineering rather than malicious software. By impersonating trusted individuals or organisations, attackers manipulate victims into transferring money, disclosing confidential information, or granting access to sensitive systems. As BEC incidents continue to rise globally and in South Africa, businesses and individuals must understand how these scams operate, the legal implications of such attacks, and practical steps to reduce their risk of becoming victims.

What is Business Email Compromise?

Advertisement

BEC is a sophisticated cybercrime that uses social engineering rather than technical attacks to deceive individuals into transferring funds, disclosing sensitive information or providing access credentials. Attackers often impersonate trusted individuals, such as executives or business partners, by hijacking email accounts, creating lookalike domains, or using stolen credentials.

Once they gain access to or imitate legitimate email communications, cybercriminals study communication patterns, writing styles, and ongoing business activities to make their requests appear authentic. These requests commonly involve changing payment details, transferring money or sharing confidential information.

Advertisement

BEC is considered one of the most costly forms of cybercrime because it exploits trust in email communications. Victims are often convinced they are responding to legitimate requests from trusted sources, resulting in significant financial losses. Common examples include fraudulent invoices from suppliers, fake instructions from company executives, and altered payment details in property transactions, all designed to redirect funds to criminal-controlled accounts.

Edward Nathan Sonnenberg Inc v Hawarden

The key South African authority on business email compromise (BEC) is Edward Nathan Sonnenberg Inc v Hawarden 2024 (5) SA 9 (SCA). Ms Hawarden bought a property from a client of the law firm ENS and chose to pay the purchase balance into ENS’s trust account. ENS emailed its banking details to her, but her email account was compromised, and a fraudster substituted the attachment with false banking details. As a result, she paid about R5.5 million into the fraudster’s account.

After discovering the fraud, Ms Hawarden paid the money into the correct trust account and then sued ENS for damages, arguing that the firm owed her a duty of care and should have warned her about the risk of BEC. Although the High Court held the law firm liable for failing to warn her about BEC risks, the SCA disagreed. It found the firm did not owe her a legal duty to protect her from third-party fraud, especially because she had already been warned about cybercrime risks and could have verified the account details with her bank. The Constitutional Court is still considering whether to overturn that ruling, and a reversal could create a new category of civil liability for BEC-related losses in South Africa.

Protect Yourself

To reduce the risk of falling victim to cybercrime, avoid oversharing personal information on social media or other online platforms. Details such as your date of birth, family connections, schools attended, or pet names can be used by criminals to guess passwords or answer security questions.

Be cautious of unexpected emails or text messages that ask you to confirm, update or provide account information. Instead of using the contact details provided in the message, independently find the organisation’s official contact information and verify whether the request is genuine.

Always inspect email addresses, website URL’s, and spelling carefully, as scammers often use subtle variations to impersonate legitimate individuals or organisations. Similarly, avoid opening attachments or downloading files from unknown senders, and exercise caution even when attachments appear to come from someone you know.

Strengthen account security by enabling multi-factor authentication wherever possible and keeping it activated. Before making payments or approving financial transactions, independently verify the request through a trusted communication channel, especially when banking details or payment instructions have changed.

Finally, be alert to messages that create a sense of urgency or pressure you to act immediately. Urgent demands are a common tactic used by fraudsters to prevent victims from taking the time to verify the legitimacy of a request.

Conclusion

BEC represents a significant cybersecurity threat because it exploits human trust rather than technological vulnerabilities. The South African case of Edward Nathan Sonnenberg Inc v Hawarden highlights the serious financial consequences that can result from these attacks, as well as the evolving legal questions surrounding liability for BEC-related losses. As cybercriminals continue to develop increasingly convincing methods of deception, organisations and individuals must remain vigilant. By implementing strong security measures, verifying payment instructions independently, and maintaining awareness of common fraud tactics, businesses can significantly reduce their exposure to BEC and protect themselves from potentially devastating financial and reputational harm.

Written by Zandrie Rademeyer, Candidate Attorney, SchoemanLaw Inc

 

 

EMAIL THIS ARTICLE      SAVE THIS ARTICLE      ARTICLE ENQUIRY      FEEDBACK

To subscribe email subscriptions@creamermedia.co.za or click here
To advertise email advertising@creamermedia.co.za or click here


About

Polity.org.za is a product of Creamer Media.
www.creamermedia.co.za

Other Creamer Media Products include:
Engineering News
Mining Weekly
Research Channel Africa

Read more

Subscriptions

We offer a variety of subscriptions to our Magazine, Website, PDF Reports and our photo library.

Subscriptions are available via the Creamer Media Store.

View store

Advertise

Advertising on Polity.org.za is an effective way to build and consolidate a company's profile among clients and prospective clients. Email advertising@creamermedia.co.za

View options

Email Registration Success

Thank you, you have successfully subscribed to one or more of Creamer Media’s email newsletters. You should start receiving the email newsletters in due course.

Our email newsletters may land in your junk or spam folder. To prevent this, kindly add newsletters@creamermedia.co.za to your address book or safe sender list. If you experience any issues with the receipt of our email newsletters, please email subscriptions@creamermedia.co.za