We would like to place strictly necessary cookies and performance cookies on your computer to improve our website service.
To find out more about how we use cookies and how you can change your cookies settings, please read our  cookies statement.                
Otherwise, we'll assume you are OK to continue.   Please close this message

Managing Commercial Risk: Cyber Crime

February 2016 saw the Home Secretary, Theresa May, announce a taskforce consisting of police, banks and government officials to combat fraud across the UK.
The rise of fraud resulted in its inclusion in the official Crime Survey of England and Wales for the first time in 2015.  The BBC recently reported figures suggesting that five million frauds occur every year in England and Wales, approximately half of which result in financial loss. The numbers are significant but perhaps no longer surprising.

The frauds, including those which are attempted on commercial businesses, have become increasingly plausible and ‘sophisticated’.  Gone it seems are the days when all that was necessary to avoid becoming the victim of online fraud was to disbelieve an email from an individual purporting to be a relative of a wealthy foreign official offering huge riches in return for a small (in relative terms) payment to help that individual out of a bind and to release the monies to you.
Fraudsters have developed the ability to mimic the webpages or the email accounts of banks and other institutions (so called phishing), have created elaborate phone call routines designed to obtain valuable information (so called vishing) and have created webpages and weblinks which if accessed causes the download of a Trojan horse, virus or other malware (so called smishing).  All these scams are designed to coerce you into making payments to a fraudster’s account or into giving up information to enable the fraudster to transfer money from your account.

A taskforce focused on tackling these issues is a welcome development. The taskforce’s responsibilities will include: seeking to speed up intelligence sharing between banks and law enforcement, seeking to identify weaknesses in computer systems and processes capable of exploitation by fraudsters and addressing the issue of the difficulties that victims face in getting refunds.

Action Fraud is the UK’s existing national fraud and internet crime reporting centre.  Together with the Metropolitan Police, they have produced detailed guidance (beyond the scope of this article) on fraud trends, fraud strategy, fraud prevention and appropriate action to reduce fraud risk.  Action Fraud’s guidance is a must read for businesses.

However, the principle focus of the crime enforcement agencies is on prevention and then the element of criminality; the aim being to put the fraudsters out of business and potentially ‘behind bars’ insofar as resources allow.  Recovery of the loss suffered as a result of the fraud is often a secondary consideration.  For those with the means to take matters into their own hands, leaving the matter to the criminal processes may not be the only option.

Where a fraud has occurred, time is of the essence.  Monies have been moved from your account to another account.  From there, the fraudster will either seek to withdraw those monies or more likely move them on again (and again and again).  Reporting the fraud to your bank and also to the recipient bank (ordinarily ascertainable from the sort code details from the payment made) as a matter of urgency is as imperative as alerting the authorities.
From there, the recipient bank may take steps to block the account.  If the bank takes this step, it is likely only to be a temporary measure but may afford enough time for you to seek the urgent and necessary relief required from the civil courts.  The recipient bank is in a difficult position.  On one hand, it owes a duty to its customer who may or may not be a fraudster.  On the other hand, it is being notified of a fraud potentially involving its customer with the potential for exposure to knowing assistance from the point it is put on notice of the fraud.

From here, an application to court for a freezing order in respect of the account is required.  This ought to be supported by an application to seek what is known as a Bankers Trust Order (named after Bankers Trust Company v Shapira and others [1980] 1 WLR 1274).  A Bankers Trust Order is an order for information from the bank concerning the account holder.  A successful application in this regard not only freezes the accounts (and the monies that remain) but also reveals the movement of monies (if any) for successive applications together with the identity and address and other pertinent details of the account holder for the service of proceedings.  Where the money remains in the account and the bank account holder fails to respond to proceedings, a default judgment may be obtained and either the monies returned voluntarily by the bank upon sight of such judgment or following a third party debt order on that judgment.

Seeking injunctive relief to pursue recovery and the information needed to pursue recovery is to seek the exercise of one of the strongest powers available to the civil courts.  It is not a cheap process but where the amounts misappropriated are significant, it offers a proactive means to recover or mitigate losses from fraud.

This article was written by Jamie Cartwright. For more information please contact Jamie on +44 (0)1483 252618 or jamie.cartwright@crsblaw.com