Social Engineering Fraud Case Law

⚖️ Case Law: Social Engineering Fraud in the UK

1. Philipp v Barclays Bank UK PLC [2023] UKSC 25

Facts: Mrs. Philipp was tricked by fraudsters into transferring £700,000 to accounts in the UAE. She sued Barclays, claiming the bank should have detected and stopped the fraudulent transaction under its duty of care.

Legal Issue: Whether the bank owed a duty to protect customers from authorised push payment (APP) fraud caused by social engineering.

Decision: The Supreme Court held that banks do not owe a general duty to intervene in authorised transactions, even if fraudulent, unless specific circumstances apply.

Significance:

Landmark case on APP fraud and social engineering.

Highlights the limitations of customer protection in bank transfers.

Reinforced that customers bear the risk in authorised frauds unless misfeasance by the bank is proven.

2. TIB Development Bank v Barclays Bank UK PLC [2022] EWHC 3426 (Comm)

Facts: A Nigerian bank fell victim to a CEO fraud, where hackers impersonated executives and induced payments to fraudulent accounts.

Legal Issue: Whether Barclays was liable for allowing fraudulent payments and failing to perform proper checks under the Quincecare duty (a duty of care owed by banks to prevent instructions being carried out in fraud).

Decision: The High Court rejected liability, holding that there was no clear breach of duty, especially where the instructions appeared genuine.

Significance:

Demonstrates that Quincecare duty has a narrow scope.

In social engineering cases, courts require that the bank had clear warning signs before imposing liability.

3. CMOC v Persons Unknown [2017] EWHC 3599 (Comm)

Facts: The claimant company was defrauded of $10 million via email compromise and fake invoice fraud (a form of social engineering).

Legal Issue: Obtaining Norwich Pharmacal Orders and Bankers Trust Orders to trace and recover funds from fraudsters.

Decision: The court granted the orders, enabling the claimant to identify bank accounts and recover stolen funds.

Significance:

Key case for civil remedies in social engineering fraud.

Shows how victims can use the courts to trace assets and unmask anonymous fraudsters.

4. Federal Republic of Nigeria v JP Morgan Chase Bank NA [2022] EWHC 1447 (Comm)

Facts: Nigeria sued JPMorgan for transferring $875 million from an oil deal despite being warned the transaction might be fraudulent.

Legal Issue: Whether the bank breached its Quincecare duty by failing to act on red flags.

Decision: The court dismissed Nigeria’s claim, finding that the bank acted within its duty, even if the transaction was tainted.

Significance:

Demonstrates how social engineering involving state actors complicates the application of duty of care.

Shows the high threshold needed to prove bank negligence in complex frauds.

5. Northrop Grumman Mission Systems v BAE Systems [2014] EWHC 3148 (TCC)

Facts: In a procurement contract, the claimant was induced to pay under a fraudulent invoice scheme involving internal manipulation.

Legal Issue: Misrepresentation and breach of contract due to fraudulent instructions in commercial dealings.

Decision: The court found in favour of the claimant, holding that fraudulent misrepresentation via social engineering vitiated consent.

Significance:

Shows how social engineering fraud can trigger contract remedies.

Misrepresentations that lead to payment obligations can result in rescission or damages.

6. Singh v Hicken [2020] EWHC 2292 (Ch)

Facts: The defendant was manipulated by fraudsters into transferring money to third parties. The claimant sought to recover the funds that ended up in the defendant’s account.

Legal Issue: Whether unjust enrichment applied and whether the defendant had knowledge of the fraud.

Decision: The court held that while the defendant did not commit fraud, restitution was ordered under unjust enrichment principles.

Significance:

Addresses liability of innocent parties in the chain of social engineering fraud.

Shows how victims can recover losses through civil recovery routes.

📌 Legal Principles from These Cases

Legal Concept: Explanation

Authorised Push Payment Fraud: Fraudsters trick victims into authorising payments themselves; hard to reverse.

Quincecare Duty: Banks must refrain from executing instructions if they are “put on inquiry” of fraud.

Norwich Pharmacal Orders: Allows victims to obtain third-party info to identify fraudsters (e.g., from banks).

Unjust Enrichment: Victims may recover money from those who were wrongly enriched even without intent.

Misrepresentation: Victims misled by fraudulent claims (in invoices or emails) can void contracts.

🔍 Summary

Social engineering fraud cases in the UK demonstrate a nuanced legal landscape where criminal, civil, and financial law intersect. While criminal liability often falls on the unknown fraudsters, civil liability may be pursued against banks, intermediaries, or third parties under:

Quincecare duty (narrowly interpreted)

Misrepresentation

Unjust enrichment

Tracing and recovery orders

However, courts generally uphold that if a customer authorises a payment, banks are not automatically liable, even if that payment was induced by fraud — unless clear signs of deception were ignored.
