It is an increasingly common scenario of which we have written before. A cyber bad guy hacks into a company’s system, hijacks an executive’s e-mail account, and sends wire transfer requests that appear legitimate. The unsuspecting recipient fulfills the request and the money disappears—often for good.
That is the basic fact scenario underlying the Ninth Circuit’s recent decision in Taylor & Lieberman v. Federal Insurance Company, No. 15-56102, 2017 WL 929211 (9th Cir. Mar. 9, 2017) (unpublished). Taylor & Lieberman (T&L), an accounting firm, received two e-mails from a “client” requesting wire transfers of nearly $200,000 to overseas accounts. Per the client’s request, T&L instructed the bank to transfer the money. When a third e-mail arrived, however, T&L called the actual client and learned that it had never sent any wire transfer requests. Bad news.
T&L filed a claim with its carrier, Federal Insurance Company, under a crime policy. Federal denied the loss and litigation ensued. Both the district court and the Ninth Circuit found for Federal. The Ninth Circuit made clear that while the Federal policy covered losses “resulting from forgery or alteration of a financial instrument by a third party,” the wire transfer e-mails were not financial instruments. Nor did the fraudulent e-mails trigger the policy’s computer fraud or funds transfer fraud coverages.
Policyholders that are interested in securing insurance for business e-mail compromises should consider a social engineering fraud endorsement to their crime policies. This coverage is becoming increasingly available as the number of business e-mail compromises rises steadily and the schemes grow ever more sophisticated.
Be careful out there.