Skip to content
Rosie Duplessis

Chartered Legal Executive - Brighton

29th July 2021

Recovering Funds Following Cyber Fraud

Recovering Funds Following Cyber Fraud

A comment on the civil route to recovery

Financial cyber fraud is a concept which has become increasingly familiar to both individuals and companies in recent years.

Tales of misdirected funds and erroneous transfers plague the news and social media. Everybody could probably name at least one person who has suffered a loss or at the very least, a near miss.

As cyber criminals become increasingly sophisticated, funds can be moved out of the UK. Often the passage of funds traverses multiple accounts and the identity of the cyber criminal is not known.

This article will consider the legal options available to recover funds lost as a result of cyber fraud, particularly where the identity of the criminal/s is not known.

We will touch on the key considerations and seek to provide some insights into the legal toolkit which can be utilised to help your business in the event of cyber fraud.

Leading The Way

CMOC Sales and Marketing Limited v Persons Unknown & 30 Ors [2018] EWHC 2230 (Comm) (“CMOC”) was the ground-breaking case for cyber fraud litigation.

As a lawyer, the strategy of those instructed and the willingness to embrace application of the existing Law to a modern fraud is evidence of the Court’s positive move forward to embrace change in the face of modern technological advancements.

The Factual Matrix of the Case

Cyber fraudsters discovered an unsophisticated relationship between the Company and a London Bank. The fraudsters gained access to the Companies internal email servers and simply observed (undetected) the day to day relationship between the Company and its Bank.

Once confident of their position, the cyber fraudsters caused the London Bank to pay out  in excess of 8million dollars to various accounts in 19 jurisdictions around the world.

Issuing a Claim and difficulties with identifying the Defendant

Most civil litigation cases involve a claim against a known Respondent. Whether it be Directorial disputes or contractual failures, we usually know who we are acting against.

Of primary concern in the CMOC case was the lack of material information. Who had ‘hacked’ the accounts, where had the money been sent, where was its ultimate destination, who had assisted in the fraud and were there any ‘innocent’ third parties whose accounts had been used without their awareness of the fraud.

The cross jurisdictional nature of the fraud meant that the well-known ‘Norwich Pharmaceutical’ application for information from a third party was not available to the claimant. Therefore, obtaining the details of the passage of the funds through the bank accounts was not possible through this route. The Bank was not allowed to divulge the information on third party accounts through which the funds had passed and so the claimant was no closer to discovering the identities of the parties involved.

Instead, the claimant company issued against ‘Persons Unknown’. It was a novel interpretation of Civil Procedure Rules ( PD7 Para 4.1) and it was accepted by the Court that the inability to name the Defendant/s directly would not be automatically fatal to a claim.

Once the claim had been issued, the Court then agreed that worldwide freezing Orders and Proprietary Orders against a well-defined class of ‘Persons Unknown’ was proper in a cyber fraud scenario. Therefore, funds and assets of the unidentified persons were ‘marked’.  In logical terms to freeze the assets of parties unknown is a constructive nonsense. However, it opened up to the claimant another potential route to apply to the Bank for disclosure of the bank account details.

Ancillary Disclosure flowed from these freezing Orders and Proprietary Orders and was required to give ‘bite’ to the freezing and Proprietary Orders. The Court could accept that in order to gain any material benefit from your hold over assets, you had to know to whose assets you had a right over.

A ‘Shapira Order’ was granted; being a focus on the equitable right to follow the trail of the money. This, when coupled with interpretation of CPR25.1(1)(g), gave the claimant a legal basis to seek third party disclosure from the relevant Bank, despite the cross jurisdictional elements and the inability to access a Norwich Pharmaceutical Order.

The identity of some of those involved in the cyber fraud began to be discovered.

Basis of the Claim

The claims were primarily Proprietary claims, claims in Knowing Receipt, claims for Dishonest Assistance, claims for Unlawful Means Conspiracy and claims in Unjust Enrichment.

These varied depending on the class of Defendant and their argued involvement in the cyber fraud. Some Defendants were the perpetrators, some participants with awareness of the fraud and others participant with awareness of the fraud or at the very least some element of unlawful activity.

Service of the Claim

Another interesting scenario flowing from the CMOC case is the innovative methods of service of the claim.

The Court paid particular heed to the alternative service regimes of CPR 6.15 and 6.37 (5) (b) (i) as well as existing case law.

The Court relied on its broad discretion to allow alternative service.

Without considering in great detail the rationale behind the decisions, service in this case was permitted against named and ‘unknown’ Defendants via a number of methods including:

  1. Email;
  2. Facebook messenger;
  3. Online data room; and
  4. WhatsApp

At Trial

The new ground opened up by this case continued through to trial.

A Summary Judgment would not allow for recovery in other jurisdictions and so a ‘full’ Judgment was required. It was anticipated, however, that the cyber fraudsters would not be likely to attend a hearing; especially in the case of those parties as yet unidentified.

The Court adopted the position that should criteria from past case law be shown (such as proper notice of the claim) and should all the legal points be brought to the Court’s attention (including any prejudicial to the claimant) the Court would be prepared to make a determination on the basis of the evidence and in the absence of the Defendants.

Combinations of the claims were successful against the various classes of Defendant and the claimant was in a position to seek recovery across jurisdictions.

Comments on the Outcome

This case stands as evidence that the mechanics of cyber fraud and the ‘anonymous’ nature of this crime does not mean that a victim cannot seek recovery through the UK Courts.

The UK Court system does not always achieve the best press nor is it always viewed as a fast-moving engine in the face of modern advancements. However, a willingness to interpret existing rules and cases and apply the principles to evolving situations facilitates novel and agile legal outcomes as demonstrated within this case.

If you have suffered from cyber fraud, the legal structure is in place to seek to mitigate your loss and recover lost funds.

If you want to discuss any aspect of cyber fraud and recovery, please do contact our Dispute Resolution team on the below details.

Alistair Rustemeyer

Partner, Solicitor

T: 01273 329797


Rosie Duplessis

Chartered Legal Executive

T: 01273 766929


  • I would like to receive the following newsletters:
  • For more information on how we use your data please see our privacy policy.
  • This field is for validation purposes and should be left unchanged.