The Modern Fraudster: How Courts Are Responding to Social Engineering Fraud

In an article for Insurance Journal, Goldberg Segalla partner Jonathan L. Schwartz and associate Colin B. Willmott, members of the Global Insurance Services Practice Group in the firm’s Chicago office, write about social engineering fraud (SEF) and questions over availability of insurance coverage for SEF under commercial crime policies — an issue the Second and Sixth Circuit Courts of Appeals are set to clarify in 2018. SEF includes now-common types of fraud involving digital communications: phishing/whaling, spoofing, and impersonating or pretexting. “A common example [of SEF] is a fraudster sending an email requesting payment from an address that closely mimics the email of a business executive or an important vendor,” Jonathan and Colin write. “In the age of ubiquitous email, SEF is a major concern for business: 100,000 such attacks occur every day, causing hundreds of millions of dollars in losses annually.” Even more concerning: Insurance coverage for victims of SEF is not certain, as the attacks rely on voluntary acts by the victims. Cyberinsurance policies do not cover SEF, and coverage under commercial crime policies remains uncertain. Citing illustrative cases, Jonathan and Colin identify three main reasons that a majority of courts have found an absence of coverage in disputes involving SEF:

1. Reluctance to determine that losses involving email necessarily result directly from the use of a computer
2. Reluctance to find that a transfer of funds requested by an authorized person can be a fraudulent transfer
3. Compelling exclusions for “voluntary payments” even when the loss was the product of deception

“Coverage for SEF claims under commercial crime policies is generally insurer-friendly, but only a handful of jurisdictions have analyzed the issue,” they write. “Nevertheless, rulings in 2018 from the Second and Sixth Circuits (as well as the Ninth and Eleventh Circuits) should hopefully harmonize the case law and eliminate any schism between the courts.” Meanwhile, some insurers have begun to offer specific coverage for SEF. Limits, however, are generally inadequate for SEF losses, and the policies remain untested in court. One thing is certain: the risk of SEF and related losses and liabilities continues to rise. “Due to the increasing danger of SEF and the uncertain, insufficient coverage currently provided, policyholders should review their policies and consult with their brokers to identify strategies to protect against the economic consequences of SEF,” Jonathan and Colin write. “While insurance protects against economic loss resulting from SEF, it does not stop SEF from happening.” Read the article:

• “The Modern Fraudster: How Courts Are Responding to Social Engineering Fraud,” Insurance Journal, November 6, 2017