Fraudster Lacked Apparent Authority

The English High Court recently addressed the principles applicable to apparent or ostensible authority in a case involving fraud. In this case, a fraudster inserted themselves in a relationship between a buyer and a seller and made off with the proceeds of two jet engines. Our Commercial Disputes team examines the decision.

This case involved a fraudster who inserted themselves in a relationship between a buyer and seller of two jet aircraft engines.[1] As a result, the buyer transferred the purchase funds to the fraudster’s bank account rather than the seller’s. The seller refused to release the engines and the buyer went to court to try to get the engines delivered. The buyer argued that the fraudster had apparent or ostensible authority to act on the seller’s behalf. This legal concept arises where a person reasonably appears to have the power or authority to act on behalf of another, even where they do not have actual authority. If someone makes a contract with an agent based on the agent’s apparent authority, the person the agent claims to or appears to represent can be legally bound by that contract. In dismissing the claim, the Court reviewed the law on apparent or ostensible authority. The legal analysis is of use generally, but is particularly relevant to the growing number of cyber fraud cases, where fraudsters are becoming increasingly sophisticated.

Background

Logix Aero Ireland Ltd agreed to buy two Pratt & Whitney aircraft engines from Siam Air Repair Co. Ltd. The sale was introduced to Siam by a third party, Sky Aeroservices SARL. The negotiations were largely conducted by e-mail and a letter of intent was entered into in early July 2024. It provided for:

• The payment price of each of the engines
• A deposit to be paid, with Siam’s account details included, and
• The obligations arising from the sale to be subject to English law and under the jurisdiction of the English courts.

A representative of Siam sent an email to Logix’s representative, with nine other email addresses at Siam, Logix and Sky Aero on copy, in July 2024. This email was genuine and all email addresses were correct. However, later that day, by way of a claimed follow up, the Logix representative received an email from a domain set up to be very similar to Siam’s. The fraudster had set up fake domains similar to those used by each of the three companies and used fake email addresses to communicate with the parties. Emails were sent by both parties afterwards to the false domains, with the fraudster falsifying and controlling the communications as between the buyer and seller. As a result, the buyer and seller were no longer actually communicating with each other even though they believed they were. Instead they were in fact communicating with the fraudster. In this way, the fraudster controlled the relevant narrative and details of the communications passing between the buyer and seller. In particular, the fraudster replaced Siam’s bank account details in the final sale and purchase agreement (SPA) with their own account details. As a result, $824,900 was ultimately transferred on 21 August 2024 to the fraudster’s account. Forensic IT specialists confirmed that neither the buyer’s nor seller’s IT systems had been hacked or compromised. When Siam refused to release the engines, Logix issued proceedings and Siam sought to have the case struck out on the grounds that it disclosed no reasonable cause of action.

Decision

The main argument put forward by Logix[2] was that Siam had provided certain documentation, which was the subject of a confidentiality clause, including the SPA, to the fraudster. The fraudster then sent this documentation onto Logix in manipulated form. Logix argued that the actions of Siam allowed it to appear to Logix that the fraudster had been entrusted with the conduct of the negotiations. It appeared that the person communicating with Logix, i.e. the frauster - could only have the information / documentation with Siam’s authority, especially given the confidentiality clause. Logix thought it was dealing with an authorised agent as a result. Siam disputed that there was any apparent authority. It said there was no executed SPA due to the fraud as it had signed a different document to Logix and it had never represented to Logix in any way that the fraudster was acting on its behalf. The Court was satisfied that Logix’s argument was without merit. There had been no representations made, by words or conduct, that the fraudster had been authorised to act on Siam’s behalf. By virtue of the fake domains, it was clear that Logix believed it was communicating with Siam at all times, and vice versa. Therefore, no third-party involvement was considered by either party. In addition, the Court held that since “the appearance of authority must emanate from the principal”, the alleged agent could not authorise itself.

Ms Justice Williams[3] noted the following points regarding apparent or ostensible authority:

• This type of authority arises where a principal, through their words or conduct, represents or allows it to be understood that another has authority to act on their behalf in the relevant transaction.
• On the faith of that representation, the principal is then bound by the actions of the apparent agent regarding anyone dealing with them, even if they had no actual authority.
• If a person acts upon the representation by contracting with the apparent agent, the principal will be estopped or prevented from maintaining he/she is not bound by that contract.
• The representation can take a variety of forms, and can be expressly made orally or in writing. The most common is by conduct, which includes permitting the agent to act in the conduct of the principal’s business with other persons.
• The authority of the agent to enter into transactions of a type that are ordinarily undertaken by a person appointed to a particular position to do so is known as ‘usual authority’.
• The appearance of authority must emanate from the principal and an agent cannot ordinarily self-authorise.[4]
• If the third party does not know of the existence of any principal, there can be no apparent authority. The mere fact that the principal enables the agent to commit fraud by putting the agent in a position it can do so is not decisive itself. There is no estoppel through negligence.

Ultimately, as noted by the Court, the fraud was only successful in getting the purchase payment because both parties were sending material to the fraudster, which the fraudster was then manipulating and feeding to the other party. A differently structured fraud may not have worked.

Conclusion

The decision is a useful reminder of the legal principles which apply when proving of claim of apparent authority, as Logix claimed here. However, the decision also highlights how apparent authority can be relevant in cases of cyber fraud. Fraudsters often act in clever and sophisticated ways to benefit from other people’s business dealings. This type of fraud is becoming more common. Although the facts here did not support the apparent authority argument, a different set of circumstances could have resulted in a different conclusion. Also, while neither party was guilty of wrongdoing here, the case demonstrates that at least one “innocent” party to a cyber fraud event can have significance monetary consequences to bear. Having robust systems to minimise the risk of cyber crime is key and having processes to quickly identify if cyber crime has occurred is vital. It is also important for businesses to consider whether they have the right insurance to cover cyber crime risks. Commercial parties should make sure their insurance:

• Is suitable for the nature of their business, and
• Gives them enough protection.

If not, a party might end up having to rely on arguments about apparent authority to shift the consequences of a cyber fraud. In these cases, the specific facts will be crucial.

For more information and expert advice on commercial disputes, contact a member of our Commercial Disputes team.

The content of this article is provided for information purposes only and does not constitute legal or other advice.

[1] Logix Aero Ireland Ltd v Siam Aero Repair Co [2025] EWHC 1283 (KB)

[2] Logix’s claim was in flux, partly because Logix had delivered a draft Amended Particulars of Claim, based on which the Court was asked by the parties to determine the application.

[3] Relying on The Law Debenture Trust Corp plc v Ukraine [2023] UKSC 11, paras 39-42, and Bowstead and Reynolds on Agency (23^rd Ed), paras 8-009-022.

[4] Referencing Armagas Ltd v Mundogas SA (the Ocean Frost) [1986] AC 717.