The Modern Fraudster: How Courts Are Responding to Social Engineering Fraud
|
In an article for Insurance Journal, Goldberg Segalla partner Jonathan L. Schwartz and associate Colin B. Willmott, members of the Global Insurance Services Practice Group in the firm’s Chicago office, write about social engineering fraud (SEF) and questions over availability of insurance coverage for SEF under commercial crime policies — an issue the Second and Sixth Circuit Courts of Appeals are set to clarify in 2018.
SEF includes now-common types of fraud involving digital communications: phishing/whaling, spoofing, and impersonating or pretexting. “A common example [of SEF] is a fraudster sending an email requesting payment from an address that closely mimics the email of a business executive or an important vendor,” Jonathan and Colin write. “In the age of ubiquitous email, SEF is a major concern for business: 100,000 such attacks occur every day, causing hundreds of millions of dollars in losses annually.” Even more concerning: Insurance coverage for victims of SEF is not certain, as the attacks rely on voluntary acts by the victims. Cyberinsurance policies do not cover SEF, and coverage under commercial crime policies remains uncertain.
Citing illustrative cases, Jonathan and Colin identify three main reasons that a majority of courts have found an absence of coverage in disputes involving SEF:
- Reluctance to determine that losses involving email necessarily result directly from the use of a computer
- Reluctance to find that a transfer of funds requested by an authorized person can be a fraudulent transfer
- Compelling exclusions for “voluntary payments” even when the loss was the product of deception