Coverage Rulings On Claims Involving Business Email Compromise

Fake President Fraud – What Is It? and Is It
Covered?
Owens, Schine & Nicola, P.C. v. Travelers Cas. & Sur. Co. of Am.,
No. CV-09-5024601-S, 2011 WL 3200296 (Conn. Super. Ct. June
24, 2011), vacated, No. CV-09-5024601-S, 2012 WL 12246940
(Conn. Super. Ct. Apr. 18, 2012).
• Crime policy defined computer fraud as the “use of any computer to
fraudulently cause a transfer of Money.”
• The policyholder, a Connecticut law firm, was asked by email to
receive and deposit a check from a debtor, deduct a fee for
collecting the payment, and write a check for the remainder to the
fraudster’s client. After following these instructions, the
policyholder was held responsible by its bank for the entire amount,
because the check was found to be fraudulent.
• Insurer argued that “computer fraud” required that a transfer
occur “by way of a computer ‘hacking’ incident, such as the
manipulation of numbers or events through the use of a computer
. . .”
• The court initially held that “the policy is ambiguous as to the
amount of computer usage necessary to constitute computer
fraud” and the ambiguity must be resolved in favor of coverage. It
emphasized that the imposters “communicated with the plaintiff
by an e-mail and the fraudulent check may have been created by
the use of a computer. . .”
• However, the trial court vacated its ruling several months later,
presumably in connection with a settlement of the matter.
Universal Am. Corp. v. Nat’l Union Fire Ins. Co. of
Pittsburgh, PA (N.Y. Sup. Ct. 2013)
• “Computer Systems Fraud” policy covered “[l]oss resulting directly
from a fraudulent … entry of Electronic Data.”
• The policyholder, a health insurer, suffered $18 million in losses
from fraudulent claims entered into its computer system by
providers.
• The court held that: “Nothing in this clause indicates that coverage
was intended where an authorized user utilized the system as
intended, i.e. to submit claims, but where the claims themselves
were fraudulent.”
• Although not a social engineering case per se, the decision
recognized a key proposition for such cases, i.e., that coverage
from a “fraudulent . . . entry” of data was dependent on an action
by an unauthorized user.
Taylor & Lieberman v. Fed. Ins. Co. (C.D. Cal. 2015)
• Claims under the forgery, computer fraud, and funds transfer
clauses of the policy. Imposter fraudulently took control of a
client’s email account and sent wire payment instructions to an
employee of the policyholder, an accounting firm. The employee
twice initiated a funds transfer from the client’s account before
recognizing the fraud when a third fraudulent instruction was sent.
• The court held that coverage for each clause turned on language in
the policy requiring “direct loss sustained by an Insured” and that
“Plaintiff is attempting to recover for a third-party loss.”
• An appeal is pending in which the policyholder argues that “a
direct loss includes losses both to the insured’s own property, as
well as to property under its control, such as when the insured is a
trustee or bailee of the property.”
Apache Corp. v. Great Am. Ins. Co., --- F. App’x ---, 2016 WL
6090901 (5th Cir. Oct. 18, 2016) (unpublished).
• Claim under crime policy covering “loss . . . resulting directly from
[computer fraud].”
• A person claiming to be a vendor who wanted to change the
account for future payments called the policyholder. The employee
notified the caller that such requests must be made in writing on
company letterhead; a few days later the policyholder received an
email with a letter appearing to be on the vendor’s letterhead
requesting the changes. Another employee called the number on
the letterhead to verify the request and then changed where
future payments would be sent. More than $24 million was sent to
the fraudulent address.
• The insurer contended that the human intervention that took
place between the fraudulent email that was received and the
loss meant that the “resulting directly from [computer fraud]”
requirement was not met.
• Fifth Circuit surveyed decisions interpreting computer fraud
policy language and agreed that “there is cross-jurisdictional
uniformity in declining to extend coverage when the
fraudulent transfer was the result of other events and not
directly by the computer use.”
Principle Solutions Group, LLC v. Ironshore Indem., Inc. (N.D.
Ga. 2016).
• Claim under Commercial Crime policy including coverage for
“Computer and Funds Transfer Fraud.”
• Controller of policyholder, a technology consulting firm, received
an email purportedly from one of the firm’s managing directors,
instructing her to issue a wire transfer that day. She later received
anticipated instructions by email and logged into the online
account and initiated the transfer. The bank’s fraud prevention
unit called for more information, and she called the imposter who
stated he received the instructions from the policyholder’s
managing director. She relayed this to the bank which then made
the transfer.
• Citing the Apache trial court ruling, the court issued an
initial ruling finding ambiguity in the policy terms in
response to the parties’ dispute over whether the loss
“resulted directly from the fraudulent email that
appeared to have been sent by” the managing director.
• A motion for reconsideration urged that a covered loss
must arise from a fraudulent instruction sent directly to
the bank, and while the motion was pending, Apache was
reversed on appeal. A motion to supplement the motion
for reconsideration is pending.
Aqua Star (USA) Corp. v. Travelers Cas. and Sur. Co. of Am.
(W.D. Wash. 2016)
• Computer fraud coverage excluded “loss resulting directly or
indirectly from the input of Electronic Data by a natural person
having the authority to enter the Insured’s Computer System.”
• A hacker compromised a vendor’s computer and accessed email
traffic between the policyholder and its vendor, then used the
information learned to impersonate the vendor in an email to the
policyholder directing the change of bank account information for
future payments to the vendor.
• The insurer argued, and the court held, that the exclusion was
triggered because the policyholder’s employee was authorized to
input the account data into the company’s computer system. As
such, the loss resulted indirectly from the employee’s input of the
data.
• The case is on appeal to the Ninth Circuit.
State Bank of Bellingham v. BancInsure, Inc. (8th Cir. 2016)
• Claim under financial institution bond, which covered losses from
forgery and computer system fraud among other risks.
• A bank employee logged on to her work computer using her token,
password, and passphrase. At the end of the day, the employee
left work without removing her token or properly logging off the
computer. Two unauthorized wire transfers were then made from
the bank’s account to two accounts as a result of malware inserted
by a computer hacker who made the transfers from the system
that was left logged on overnight.
• Conceding the policy covered hacking events, the insurer argued
that the fraudulent hacking of the computer system by a criminal
third party was not the overriding, or efficient and proximate, cause
of the loss. But the court held that “an illegal wire transfer is not a
‘foreseeable and natural consequence’ of the bank employees’
failure to follow proper computer security policies, procedures, and
protocols.” Those actions created a risk of intrusion, but the
intrusion and the ensuing loss of bank funds was not certain or
inevitable. The court affirmed that the hacking was the overriding
cause.
• Case is not a social engineering case per se, but it provides guidance
on the cause of loss analysis that is important in many of the
business email compromise cases.
Pestmaster Servs., Inc. v. Travelers Cas. & Sur. Co. of Am.,
656 F. App’x 332, 333 (9th Cir. 2016).
• Claim under crime policy with Funds Transfer Fraud and Computer
Crime coverage. Policyholder hired payroll services company to pay
salaries and payroll taxes, but company debited funds and
fraudulently failed to pay taxes.
• Court held the Funds Transfer Fraud provision did not cover losses
arising from authorized electronic transactions even if they are, or
may be, associated with a fraudulent scheme. Also, the Computer
Crime coverage did not apply where there was no unauthorized use
of the policyholder’s computer; the payroll company was not a
hacker or intruder. The case was remanded to consider coverage
for certain funds transfers that the policyholder alleged were
unauthorized.
• Court recognized that, given near-universal use of computers,
it would be contrary to the parties’ intent and reasonable
expectations to read Computer Crime provisions “to cover all
transfers that involve both a computer and fraud at some
point in the transaction.” To do so would convert the policy
“into a ‘General Fraud’ Policy.”
S. Cal. Counseling Ctr. v. Great Am. Ins. Co., --- F. App’x ---,
2016 WL 3545350 (9th Cir. June 28, 2016).
• Claim under Computer Fraud Insuring Agreement for loss resulting
from payroll services company’s use of a computer to transfer
money fraudulently from policyholder’s account to itself.
• Coverage did not apply to loss from the dishonest acts of any
authorized representative of the policyholder. Even if fraudulently
induced to do so, the policyholder had authorized the payroll
services company to act on its behalf, including by debiting its
accounts.
• Again, not a social engineering case per se, but stands for
proposition that transfer by authorized person was not covered.
• Court recognized that the function of the exclusion in the policy
is “to place the onus of vetting the individuals and entities whom
the insured engages to stand in its shoes – and thus the risk of
loss stemming from their conduct – squarely on the insured.”
Conclusion: Fake President Fraud – What
Is It? and Is It Covered?
Key issues include:
• Authorized user
• Direct loss sustained by an insured
• Resulting directly [or indirectly] from
• Cause of loss analysis