Fool Me Once: Insurance Coverage for Social Engineering Scams Under Judicial Review, PropertyCasualty360
Imagine the excitement of being hand-picked by the CEO to execute an important and confidential financial transaction that is expected to take your company to the next level! Then imagine the emptiness of learning that there was no acquisition, the email you received with confidential instructions wasn’t really from the CEO, and the money you wired is gone forever. You’ve been duped — the email was sent by an imposter with a spoofed email made to look real. And if you’re the CEO, imagine finding out you have no insurance coverage for this loss! Unless you bought a specific endorsement, you probably don’t.
In November 2017, the FBI noted a 2,370% increase in such incidents in the last two years and more than $5 billion in related losses over the last four years worldwide. The increasing prevalence of “social engineering” or “business email compromise” schemes has made waves in the insurance industry and has forced courts to answer this question: Is a financial loss connected to an email “spoof” covered by standard Computer Fraud or Funds Transfer Fraud insuring clauses found in commercial crime policies or financial institution bonds?
Phishing emails can fool anyone from the CEO to the most junior accounting clerk. (Photo: iStock)