Error Omissions
Error Omissions
Submit your information below so we can contact you with a FREE quote
[All fields are required.]
Actual Annual Revenue:
Verify:
=
I have read and agreed to theTerms & Conditions
Error Omissions
Error Omissions

Social Engineering Fraud: A Risky Commercial Crime

Social Engineering Fraud: A Risky Commercial Crime

Social engineering fraud is a blanket term that is used to describe cyber crimes that are designed to deceive and manipulate victims into giving out confidential personal and financial information and funds. Cyber criminals target a variety of victims with this type of crime. Essentially, anyone with an email address and bank account is vulnerable to social engineering fraud. However, businesses are a popular target due to the resources they have available to take advantage of, and criminals are often able to get away with a significant amount of money before anyone notices.

What separates social engineering fraud from other types of cyber crimes is the level of effort that goes into each attempt. Criminals create a fake email address and web pages to mirror those in an organization and do a good amount of research to aid them in convincing their victim that they are legitimate and authorized in their request for information or transferring of funds.

A recent case brought to the Ninth Circuit Court perfectly illustrates how social engineering fraud plays out and why certain commercial insurance policies may or may not cover the resulting losses. In the case of Aqua Star (USA) Corp. v. Travelers Cas. & Sur. Co. of Am., the insured sued their insurance company for denying their claim of computer fraud under their commercial crime policy.

“The insured, a seafood importer, purchased seafood from a vendor.  The vendor’s email system was hacked, and the hacker apparently monitored email exchanges between the vendor and insured before beginning to intercept those emails to send fraudulent emails using spoofed email domains. The hacker later directed the insured’s employee to change the bank account information for payments to the vendor; the insured made the changes as directed and ultimately made $713,890 in fraudulent payments.”

Aqua Star filed a claim under the computer fraud provision in their commercial crime policy, but were denied by the insurer. On appeal, the Ninth Circuit held that the exclusion for loss “resulting directly or indirectly from the input of Electronic Data by a natural person having the authority to enter the Insured’s Computer System” barred coverage, and noted that the insured’s employees clearly had authority to enter the insured’s computer system to enter Electronic Data to change the wire instructions and initiate transfers.

As cyber criminals become more savvy, businesses should ensure that their commercial crime insurance does not exclude coverage in cases of social engineering fraud, as these losses can be extremely devastating. Comprehensive insurance coverage paired with adequate cyber security and continued employee education is the only way to minimize the risk of falling victim to today’s cunning and manipulative cyber criminals.

About Axis Insurance Services

Axis Insurance Services specializes in providing employers with EPLI coverage and would be happy to discuss this must-have protection with you, particularly critical in today’s litigious environment. Just give us a call at (201) 847-9175.

Comments

comments

Blogged on: August 28, 2018 by Mike Smith
Error Omissions
Error Omissions
Submit your information below so we can contact you with a FREE quote
[All fields are required.]
Actual Annual Revenue:
Verify:
=
I have read and agreed to theTerms & Conditions
Error Omissions
Error Omissions